Cisco Wireless :: 877 - Create Dual SSID For Corporate And Guest Access
May 9, 2012
I have a Cisco 877 configured for LAN-to-LAN between sites A and B. I have used VLAN 1, but it looks like I have to use BVI1 if I need to use the wireless. What is the difference between BVI and VLAN? If I wanted users on the same VLAN and wireless, what would be the base config? At the moment all corporate traffic goes to site A and other traffic goes to the internet. Now, would I be able to create two SSIDs, one for corporate to access corporate subnets and the other for guest access alone, where the traffic goes out to the internet?
Jan 11, 2012
One of my customers asked me to configure a WLC 2106 and 2 LAP 1131AG (lightweight) for corporate/guest WiFi. Basically they want to implement a good WiFi connection for internal use and a guest one with different QoS. The two LANs should both have DHCP but they must be kept segregated so that no one from the Guest WiFi can access corporate resources.
Since I've never configured a WLC from scratch, I lightly supposed it would be quite straightforward as routers and switches from Cisco. Unfortunately I was totally wrong.
I've downloaded the "Cisco Wireless LAN Controller Configuration Guide" (Soft. Release 6.0 June 2009) and after I read it I made up this workflow for the configurations:
1) Configure Controller: (via serial)
- Set Management Interface parameters (IP - SM - Def GW - DHCP server IP)
- Set AP-Manager Interface parameters
- Virtual Interface parameters
- Set Admin Credentials
- DHCP Configuration (internal and/or external)
2) AP registration on the controller
- Configure VLAN with DHCP request redirection to the DHCP server
3) Configure WLAN following customer's requests.
- Configure WLAN Auth for Corporate/Guest WiFi
- Configure QoS for both WLANs
Unfortunately I'm experiencing an issue while trying to join the AP to the WLC. It appears that the IT guy of my customer tried to configure one of the APs. In that AP's flash I find files referring to a "mesh" configuration like: [code]
Oct 6, 2012
How can we make guest access to our network, like hotels, by using our WiSM v 7.0.220 and Wireless Control System and ACS?
Jan 12, 2013
We need WiFi security on our corporate SSIDs locked down using certificates; we are using the Cisco WLC 2100 series. We need these on every workstation, laptop, etc.
Sep 23, 2012
Is there a module or way to create a Guest Access Lobby on the ASA 5525? We currently leverage the WLC to do this for us, but are moving to a routed access environment, which is causing some issues. We would like to offload the guest access responsibility to the ASA if possible.
Dec 17, 2012
How to change our wireless setup. Currently, we have 2 Cisco Aironet 1130 WAPs in the office that go directly into the 2 PoE ports on our Cisco ASA 5500. These WAPs have 1 SSID and are using WEP for security. After demonstrating the flaws of WEP to my boss, he has agreed that we should use something more secure and I've suggested WPA. We want visitors to our office to be able to hop on our wireless but on a separate guest SSID with WEP.
I'd like the internal SSID to route to the ASA and take the default route to the internet (it will be our new fiber connection once it's installed in a couple weeks). The default route is whichever connection is working since our ASA 5500 will fail over when it detects an outage.
I'd like the guest SSID to route to the ASA and then go over our existing cable connection. This connection will be our backup once the fiber connection is installed. Since we won't be using it very often, but will be paying for it, I advised that we send all guest wireless traffic over this connection since 50/5 is plenty for guests.
The current SSID (which will be the internal SSID) has no VLAN. We do currently have a few VLANs on our network, one for voice (.42) and one for data (.100) and the default (.0). What device do I create the VLAN on (Cisco 5500?) and how do I set up the WAP? I need very basic instructions to start and I'm also trying to do this without causing downtime if possible.
I've attached a diagram of what it should look like. Red indicates our internal network and Blue indicates the guest network. I can send screenshots as well.
Aug 18, 2011
Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else? Looking at a 5508 model at the moment.
Nov 17, 2011
I have two WLC-5508s for 50 APs deployed. One is the primary controller and the other is secondary. Recently I noticed an unknown "authorization failed, no sufficient privileges for user" message popping up while making configuration changes in the WLC, specifically when trying to create a new SSID. WLC authentication is local. This message popped up earlier once or twice but it didn't prevent making changes that time.
Dec 11, 2012
How to set up a separate SSID for guests (without a password).
Basically, we have one SSID now called Mnet which has a WPA2 password. For guests coming in I want Mnet Guests, where people can connect without needing a password. They should be able to use the internet but not connect to LAN devices. How do I accomplish this with this WAP321?
Feb 2, 2013
I am setting up a guest WLAN network on our existing 1242 APs using a separate VLAN. On most wireless devices which are on the company network/VLANs, I have used WEP authentication with hex keys, and no broadcast. Obviously this cannot be the same for a guest internet connection. We want to have the VLAN/SSID in guest mode (which I have configured) for broadcasting, and then once someone selects the SSID on their laptop or smartphone, they are just prompted to authenticate with a standard alphanumeric password (example "guestwifi") instead of a 40 or 128 bit key.
I have searched all over and tried multiple things in the CLI on AP1, but can't seem to get anywhere.
Aug 7, 2011
Trying to access my corporate VPN. My laptop can successfully VPN in anytime I'm on the road, but not through my WRT54gx at home. I've enabled the VPN pass through but my expertise ends there.
Oct 8, 2012
I'm able to create my main network, but unable to create a guest network. I already created the CP, and when connected to the guest SSID, the guest could still see my main network. How do I create a guest network?
Feb 24, 2013
I have a Cisco WLAN controller (2100) running software 7.0.235.0. I have the internal private WLAN running off of port 1 and that is working fine with an internal DHCP server. Is it possible to set up another SSID (guest) and have the interface directly linked to a static IP on the WAN and also use the built-in Cisco internal DHCP server?
Feb 28, 2013
I have two 5508s, ver 7.3.0; one is the primary and one is the guest controller. Mobility is up and running. I have an existing guest SSID working with WPA2-PSK and web authentication and it's working fine, but I require a second guest SSID that only uses a WPA2-PSK for iPods/iPads as I can't use passive client on the primary controller. I presently have the one VLAN range and DHCP set up on the guest controller to give addressing to either SSID. I know you can have multiple SSIDs set up on the guest controller, but in other sites I have only had one guest connection coming from the primary controller; just a primary controller on each site was only creating one link to the same guest controller.
Jan 17, 2013
My customer needs to create separate web portals for some SSIDs (Guest and Staff): 01 web portal for Guest and 01 web portal for Staff. Can the WLC2504 support this feature?
Jan 25, 2011
A query here with regard to wireless isolation between SSIDs and wireless isolation within an SSID. Say we have 2 SSIDs, e.g. InternalSSID and GuestSSID, on AP1. Both SSIDs are set to Enabled for isolation between SSIDs and within an SSID; that would mean all machines connected thro' this AP1 would be isolated from one another.
1) If there's 1 laptop that connects to another AP, let's call it AP2 (doesn't have the isolation function), on ssid01, would this laptop still be isolated from those that connect to the first AP?
2) If there are wired PCs connected to the router, and the 2 APs are connected to the same router, would the machines connected thro' AP1 on either InternalSSID or GuestSSID be able to access those wired PCs? (My assumption is yes.)
3) Is there a quick and efficient way to set up the WRVS4400N to isolate GuestSSID totally from InternalSSID and wired PCs? InternalSSID and wired PCs should be allowed to 'see' one another.
The challenge here is that the network points are all installed already. Both APs are connecting thro' 2 separate unmanaged switches together with a couple of other PCs. 1 port on each unmanaged switch connects to the router.
May 2, 2012
We are deploying 3600 APs with a 2504 and would like to create multiple SSIDs that are mapped to unique VLANs so we can control the traffic at the firewall. We have the 2504 up and running with APs but there appears to be nowhere in the 2504 controller web GUI to configure a VLAN mapping to an SSID. Any pointers to documentation on how to configure?
Sep 7, 2011
I have an E3000 set up with my network. I have the guest network set up through Cisco Connect but don't see a field to change the guest network broadcast SSID, so any ideas?
Jul 30, 2012
We have been deploying 3502 APs remotely to locations with full T1s that backhaul to where I sit at HQ. Both the foreign and anchor controller are here at my location.
I am seeking to rate limit per user the bandwidth each client will get on the guest internet SSID. As you know, this traffic is encapsulated in CAPWAP between the AP and the controller, so I can't use a standard ACL on the switch or router.
We are trying to keep the guest internet access usage in check on the T1 at any given site so the other SSIDs and local LAN traffic are not overly competing for the bandwidth.
I found the place to edit the default profiles in the controller but the documentation really isn't clear on best practices.
So I put it to you, my fellow wireless engineers, to suggest how you are implementing bandwidth management on your wireless guest internet.
Oh, and here are my hardware and software levels.
5508 WLC - foreign
4402 WLC - anchor
Software Version 7.0.230.0
Jan 25, 2011
Config:
Netgear ProSafe Gigabit Router is my DHCP server -- the entire home network is on the same subnet (192.168.15.xxx)
Linksys E4200 configured as an access point ONLY -- wired connection -- static IP assigned -- DHCP server turned off
Linksys WRT610N configured as an access point ONLY -- wired connection -- static IP assigned -- DHCP server turned off
3 -- 5 port gigabit switches
1 -- 8 port gigabit switch
No more than two switches between any two wired devices
Both Linksys access points have the same SSID and WPA2 security phrase -- total of 4 radios
Non-overlapping channels are selected on both the 2.4 GHz and 5.0 GHz radios to minimize interference
All computers are running Windows 7 Professional 64-bit with all the latest updates
Two iPhones and one iPad also access the network
All LAN and WAN connectivity is working as designed.
Problem:
Guest SSID is turned on
Password is established
All devices will connect to the guest SSID and the E4200 is assigning an IP address to the device in the 192.168.33.xxx range, which is what it's supposed to do. When I open a web browser, I am not automatically redirected to the Cisco login page. If I enter 192.168.33.1 as the URL, the login screen is presented. I enter the password I have created in the guest admin page on the wireless guest tab. I then see a blank page and a URL of 192.168.33.1/guestnetwork.asp. THIS IS WHERE I GET STUCK. THE ONLY WAY TO EVER SEE THE LOGIN PAGE AGAIN IS TO REBOOT THE E4200; otherwise you just get unable to connect messages when opening web browsers and the wireless status icon in the system tray shows a yellow exclamation mark.
I successfully connect to the guest SSID but I do not get access to the internet. When I type ipconfig, I see that the DNS is set to 192.168.33.1, which does not exist on my network. I assume there's some internal NAT magic that is supposed to happen in the E4200 to bridge me over to my 192.168.15.xxx network but it doesn't seem to be happening. At the beginning of the call I specifically asked them if the E4200 must be the DHCP server in order for the guest SSID feature to work and they said no. 1.5 hours later they had no answers so they told me that it wasn't working because the E4200 was not the DHCP server. The documentation says nothing about a DHCP requirement for guest AP service. Linksys support further could not answer what you would do if you needed more than one AP with guest service enabled. It seems like this is a firmware issue but it may be that the guest SSID service requires the E4200 to also act as the DHCP server. Whether this is a bug or if the router/AP is working as designed?
Aug 20, 2011
I changed the 5 GHz SSID name using Cisco Connect on my E3200 router and was expecting to see 2 available wireless networks on my laptop, but it seems that only the 2.4 GHz is still broadcasting as it was before. When I connect to it with my laptop it shows it connecting with 802.11n, so I would think that my laptop would see the 5 GHz SSID if it was broadcasting. I am trying to take advantage of the dual band feature and connect the 5 GHz to my Blu-ray player for real time video streaming.
Jun 19, 2012
I have a Linksys EA4500 set up on my corporate network for wireless access. I have enabled the guest network and from all I can tell it's on a separate subnet from my internal network like it should be: 192.168.x.x. My internal is on a 10.x.x.x network. I connect to the guest network using a laptop and I'm prompted for a password to get to the internet, which I like. The one issue I'm seeing is when I'm connected to the guest network I can still do an RDP session to internal resources. How is this possible if the guest network is on a separate subnet? I take a laptop which has not been joined to my domain, connect to the guest SSID, and then open an RDP session and enter an IP address for an internal server and it connects. Is there a setting to keep this from happening?
Apr 5, 2013
I have set up a wireless network in a large building using a WAG120N modem router and four E1000 wireless routers set as access points. The E1000s have DHCP switched off to enable roaming, so the WAG120N takes care of all that.
Apr 13, 2013
Region : UnitedStates
Model : TL-WDR3600
Hardware Version : V1
Firmware Version : TL-WDR3600_V1_130320
ISP :
Has anyone gotten the Guest Network feature to work from the new firmware TL-WDR3600_V1_130320? I have my WDR3600 set up as an access point: TPLINK with a static IP address, connected via ethernet cord from the LAN port to the main Verizon FIOS router, which distributes DHCP IP addresses to the network. I cannot get the Guest Network feature to work - I see the guest SSID I created but when I connect to it, the IP address assigned is in the 169. range, meaning it does not get to my main router. It may be because I have the TPLINK set up as an access point, so are there any people who have gotten Guest Network to work either with the TPLINK as the main router or as an access point?
Feb 21, 2013
Region : Hongkong
Model : TL-WDR3600
Hardware Version : V1
Firmware Version :
ISP :
When using the USB printer port share function, I found that some PCs, which had never been physically connected to a USB printer before, will not have the virtual USB printer port in the port selection. In this way, TP-Link's USB printer controller will not be able to set up the connection. The PC will not be able to use the shared printer from my WDR3600. How can I create a virtual USB printer port on the remote PCs (without needing to physically connect a printer to them), or is there another method to use the shared printer?
Feb 20, 2012
Could I create new guest accounts via CLI? I know that via the GUI with a lobby ambassador account I can create them. I have a WLC 5508 (7.0.116).
Jun 11, 2012
I am trying to connect to my office WiFi, which uses a proxy server. Scenario 1: I am using Samsung Bada (Wave 1), connected to the internet successfully and also any applications that require an internet connection, including Samsung's app store. Connecting via open networks like home WiFi and other friends' WiFi also worked without any issue. Scenario 2: Now I also have an Android-based Galaxy Pocket: even after entering all the required proxy settings as mentioned above, I can access websites via the browser but cannot access Samsung's app store, Google's Play Store, Skype, Sipdroid etc. I know it is nothing to do with the network administration as I am still accessing via my Samsung Wave but not via Android. Is there anything like a network profile I need to assign for these applications?
Sep 30, 2012
Looking for input on creating a guest VLAN for a client. The goal is to create a guest VLAN that doesn't have access to the corporate network using one DSL modem. They currently have a managed switch (3COM Baseline Switch 2928-SFP Plus). There are no existing VLANs or guest access. Additionally, they are looking for a WAP that supports captive portal.
Oct 10, 2011
I have an instance of ISE and NCS with a WLC 2100 plus a couple of LWAPs. This is an evaluation POC lab to sell ISE and NCS to our management to make our life easier. The problem I have, amongst many, is I can create a guest user directly on the ISE and the guest can log in; the ISE monitor shows the guest authenticates, but the client's webpage passes them back to the login page, not onto the original client URL. The web auth is pointed at the ISE/guestportal/portal.jsp page. If I point the web auth at the internal WLC page using a WLC local user account it works. If I set the guest access to pass through it works without issues getting DHCP and DNS. On the ISE, is there a policy needed to say if guests are web authenticated give them access? The need is for AD authenticated users to be able to create guest users. The AD authentication works for sponsorship and guest creation; it's just the guest access redirection I am having issues with.
Jun 13, 2011
(WLC 4400) which enables employees to browse to a custom made webpage, where they can create an account for company visitors to access the internet. It's important for the employees not to use any login credentials; they arrive on a webpage where they specify the login and password which the visitor will enter to browse the internet. Is there any good link to documentation about this topic?
Jan 6, 2013
I wish to establish a private and guest network for a local business. They have Verizon service with its wireless router plus their own personal wireless router. The Actiontec mi424wr (rev i) wireless router is connected via coax and will remain the first in line so as not to disrupt the set top boxes' (STB) channel guide and other features managed by the Actiontec. The radio is active with an SSID of "ABC-Private" and its network is 192.168.1.xx. The thought is that only business personnel will connect to this router for internet. I have connected their Linksys WRT54GS to the LAN port of the Actiontec, using a static IP which I have allocated in the Actiontec's DHCP pool for this purpose. This radio is active with an SSID of "ABC-Guests" and its network is 192.168.2.xx. The thought is that only patrons will connect to this router for internet.
My overall goal is that business personnel will have unrestricted access to the internet AND to each other... while patrons will only have HTTP and HTTPS access to the internet... and no communications will be permitted between the two network subnets. I realize there are hardware firewalls designed for accomplishing such a goal, but the business hopes to avoid the additional expense, if the aforementioned model can provide this capability. In order to accomplish this goal, my remaining tasks are as follows:
1. On the Linksys, permit only http and https traffic (and whatever else the patrons would need/want).
2. On the Actiontec, deny Linksys IP address access to everything except for the Actiontec gateway.
Mar 7, 2013
I am trying to set up a guest SSID which will be separate from other corp SSIDs. I have read about this auto-anchor feature and I have a basic idea. Here are some questions about the network design:
1. Can Cisco 5508 with 7.2.111.3 code do NAT? I mean can I use the anchor controller also as a gateway to Internet or do I need another device such as FW or router to do the job?
2. I want the guests to get IP address in 192.168.0.0/24 range. On the anchor controller I will need an interface in this range, correct? However on the internal controller I won't need this interface. The guest ssid will be associated with the management interface on the internal controller, correct?
3. I want the guests to get IP address from general DHCP server. Does DHCP request have to come out of the new interface in the 192.168.0.0/24 range? However this interface will be connecting with the FW. It won't have connection back to the internal network to reach the DHCP server. The management interface will have the route to the DHCP server. Is it possible to use management interface for this SSID but still let traffic to pass through the Guest interface?
Jan 25, 2011
I recently changed my SSID name from the default "dlink" to a more unique one. The problem is that the router is still broadcasting the default SSID along with the new one. Guest zone is disabled and the new SSID is hidden. But the default SSID is not hidden. Using WPA2 with AES, hardware ver. A1/A2, firmware ver 1.21. How to remove the "dlink" SSID?