Cisco Wireless :: Cannot Get WAP321 Guest VLAN To See Internet
Sep 6, 2012
My company has an RV180W Router, a SGE-2000 Managed Switch, and a WAP321 Wireless Access Point. I have about 12 users on a Windows 2003 Server Standard, completely updated. My Win box is my DHCP Server. Now I am running two VLANS, Vlan 1 (default) the main vlan is where the Win box is on. Vlan 5 (guest Vlan) uses the RV180W as the DHCP server.
-Vlan1 is 192.168.1.1-254 - Issued by Win box
-Vlan5 is 192.168.2.100-254 - Issued by RV180W
View 3 Replies
ADVERTISEMENT
Jul 3, 2012
I want to set up internet guest access with my wap321. No matter what I do the guest can see my whole network. Not sure what your definition of guest access is but letting them brows around my assets is not mine. I have a cheap Linksys router at home and that guest access works the way I want this AP to do.No wizards for guest access... In fact there is only one wizard by the way, i.e. basic set up.
My network includes the wap321, sg200-26p switch and the rv042g router
View 4 Replies
View Related
Oct 11, 2012
It's my intention optimize our business WiFi network.Actually we don't have a "Guest" access.Probably WAP321 should be the best solution for us.We will need 3 WAP321 to cover offices area.I have different questions/doubts about Captive Portal functionality.using 3 different WAP321 everyone has the "captive portal" feature, or you can configure only one of the three the feature of "captive portal"?if is possible to configure only one of three the feature of "captive portal", the others WAP321 trusting the authentication?what is the ip address released from the "Captive Portal"?all Guest user have the same username and password?
View 1 Replies
View Related
May 25, 2013
Have a WAP321 connected to a Cisco SG200-08P then connected to a Cisco 2901. The main wireless on vLAN 1 works fine. However, the Guest on vLAN 4 (Choose vLAN 4 as per the included docs so guests will be unable to see the production network) will not give an IP to any wireless device. Looking for documentation on getting the Guest radio working. The included documention for these 3 devices do not address how to get the Guest radio to work.Does vLAN 4 need setup on the 2901? Have just 1 internal port on the 2901.
View 14 Replies
View Related
Dec 11, 2012
how to setup a separate SSID for guests (without a password).
Basically, we have one SSID now called Mnet which has a WPA2 password. For guests coming in i want Mnet Guests where people can connect without needing a password. They should be able to use internet but not connect to LAN devices, how to accomplish this with this WAP321?
View 7 Replies
View Related
Oct 8, 2012
I'm able to to create my main network, but unable to create guest network. Already create CP and when connected to the guest SSID, the guest could still see my main network. How to create Guest network?
View 1 Replies
View Related
Oct 14, 2012
I have 1 WAP321 for guest access. Now I need to isolate traffic of guest captive portal from my LAN.How can I do this?
View 1 Replies
View Related
Apr 8, 2013
Any issue creating a guest vlan to use the WIFI on an 891W router? The IOS is version 15.1. I have created discreet Vlan's and setup subinterfaces on both the WLAN_AP0 and GigaEthernet 0 interfaces with dot1q encapsulation. The client will receive an IP from the pool but cannot ping or connect beyond the default gateway.
The external interface is using Nat overload and all wired clients are successful in connecting to outside addresses. I have insert a permit any statement in the acl which affects the external port but still no success.
View 7 Replies
View Related
Feb 26, 2013
I have a WAP321 I am trying to set up. It's connected to gi1/23 and the switch system mode is set to router. The rest of the network works just fine.I have an SG500-28p and the port. [code] On the WAP321 wizard, configured IP address on my management vlan and also configured the default SSID on that vlan. That works. (I plan to remove that one) Then I add the two SSIDs for vlan 20 and 22 (private and public access) and I can't associate to either of the two additional SSIDs. I haven't configured any other settings beyond the wizard and adding the other two SSIDs. I do want cisco mobile ios (jabber) to work on the private network and also do have a couple spa525g2s that need to connect wireless.
View 1 Replies
View Related
Dec 4, 2012
I have setup a WAP321 and configured it for a captive portal. It is connected to a SG300 switch and the gateway is a SA520.The SA520 is setup with two VLANs. The default of ID 1 and a guest vlan ID 2.
The SA520 is assigning the IP addresses to VLAN ID 2. That is working properly.And the captive portal works fine as long as I have Inter VLAN Routing Enabled on VLAN ID 2. But, I do not want VLAN ID 2 to access the local LAN so I Disabled the setting for VLAN ID 2. If I disable captive portal on the WAP321 with Inter VLAN Routing disabled, everything works fine. No access to VLAN ID 1 and Internet access works fine.
View 2 Replies
View Related
Oct 12, 2011
I'm wanting to setup a Virtual Office scenario. Everything is working fine except for 802.1x...I can get the 881 to authenticate things connected to it, but I don't have the options of guest-vlan or auth-fail vlan.Idea is if the users takes the router home and someone, either accidentally or on pupose, connects an unauthorized Laptop, they stay off the Corp network but can get to the internet still.I found this link on Cisco's site: [URL]That link shows them configuring a guest vlan right on the fa0-3 ports of an 881W. I dont have that option on mine. I can only configure 802.1x on the vlan interface. I have 802.1x working, for things that connect to vlan1, but I would like to have a "fallback" setup.
EZVPN_Remote(config-if)#int fa1
EZVPN_Remote(config-if)#dot
EZVPN_Remote(config-if)#dot1?
dot1q
EZVPN_Remote(config-if)#dot1
[code]....
View 1 Replies
View Related
Feb 10, 2012
I am running a /24 network in Active Directory with my ASA acting as gateway and firewall. Standard interfaces (Ethernet 0/0 as outside, Ethernet 0/1 as inside)
As of now I have no VLans set up, but I need to setup wireless Internet access for guests... I need directions on how to setup a Vlan with its on DHCP for these aguests... I can then make sure that my APs can be pointed to the same VLAN... I am not familiar with CLI, have generally used ASDM. I am currently running ASDM 6.3(1) on an ASA with version 8.3(1).
This is something I need to do quickly as we are expecting 20-40 "guests" shortly, and I don't want them to use our internal DHCP server addresses.
View 3 Replies
View Related
Jan 27, 2011
I have a AP541N connected to a UC560. We are currently configured for Wireless Voice and Data. We have added a Guest VLAN, but don't see where in CCA to secure the VLAN from accessing the other other two default VLANs.
Additional Info: AP541N-K9-1.7(2)UC560 15.0(1)XA2, RELEASE SOFTWARE (fc2)CCA 3.0
View 1 Replies
View Related
Jul 11, 2012
Hardware: Cisco 3750 switch and Cisco autonomous access point (AIR-AP1142N-E-K9).Requirement: A single broadcast SSID; use dot1x to assign vlan 98 to authenticated clients (computer certificate); assign vlan 3 (guest) if the authentication fails.I can achieve assigning a guest vlan on authentication failure when using a wired connection by using the following command on the interface:authentication event fail action authorize vlan 3 I'm after a way to achieve the above using the wireless access point. The main point is that internal users cannot access vlan 3 as they have a valid certificate and that guests do not have to authenticate.
View 2 Replies
View Related
Feb 23, 2012
In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
SSID Name - guest
Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
Mobility Group: Same configs at both ends
SSID Anchor : Anchor SSID on local and local SSID on Anchor.
AP: CAPWAP 3502 Management Subnet
[code]....
Is there any thing missing in the wireless configs and or the firewall rules as i could not see DHCP request back from the Anchor Controller. Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case is the redirect URL congiguration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers.
View 8 Replies
View Related
Mar 6, 2012
We are trying to setup a WAP4410N with 2 SSID's. One SSID for our private network and the other for guest internet access. On the VLAN and QoS page there is a setting for priority. What would be the suggested values for this setting? We obviously want our private network to receive priority over our guest network.Also, does VLAN Tag setting need to be on Tagged to determine private from guest traffic?
View 2 Replies
View Related
Nov 27, 2011
I am primarely enquiring whether the setup I have explained below is actually possible, and if so then how I can set this up. I know it isn't the easiest configuration and I need to set this up without purchasing any more equipment if at all possible.I have a Cisco SG 300-28 setup with three VLAN's. [code] Default Gateway is 192.168.10.1 (Netgear Router)I have a Wireless network setup (Netgear WMS and 2 WAP's) configured with the TWO VLAN's (1 and 3). These go into ports on the Cisco SG 300-28 which are tagged on both VLAN's. The Business wireless worked fine but the guest network didn't reout out to the internet.After some troubleshooting I realised the reason the guest wasn't working was because there was no route back from the internet to the router.
The router I have isn't really ideal, it is a Netgear DGN2200, but I managed to create a static route to 192.168.30.1 with a metric of 2, with 192,168,10.254 being the hop. Success, the connection worked, the only problem is that now my guest network can see my business network because the business network is using the static route on my router to route back over to the guest network (due to the limitations of this device I can't do anything about that)Guest network can connect to Business VLAN via switch. I am assuming this is because the router is on the Business VLAN and the default gateway is the router. As they are on the same network the Guest network can inevetably see the business server and network.The Business network can get back to the Guest network via the router using my static route I created. The static route is really basic and I can't create a firewall rule on the router to prevent the Business network speaking to guest network because it only has a LAN - WAN firewall and this connection is LAN - LAN.
What I need is...to somehow stop any traffic from the 192.168.30.0 network routing to anything on the 192.168.10.0 network, appart from the router on 192.168.10.1.Is this possible? I have this setup on a number of different site, the only difference is I have a CIsco Security Router on these with the VLAN's configured so I don't have this problem. Because I have a rather limited Netgear DGN2200 I am unable to setup the VLAN's correctly and as such I need to see if I can do this on the switch in any way.
View 2 Replies
View Related
Jul 13, 2011
is it possible to set the dot1x guest-vlan on a Catalyst Switch via ACS 5.2 dynamicly. I want to make MAB with known Devices (FAT-Clients, Notebooks, Desktops, Printers) and unknown Devices.I will set the VLAN dynamicly with dot1x per ACS. For known FAT-Clients, Notebooks etc. it's running well.But for Printers it's more difficult because I have about 500 Printers in several IP-Segments on several Switches and I will not make to much Rules in ACS for Grouping, Mapping and Authority-Rules.My Idea is to set the Guest-VLAN on every Switch, read them with ACS and use this for my Printers.The Problem is that Guest-VLAN is set on more than 100 Switch and this guest-vlan is different on any Switch.Can I read the Geust-VLAN Value so that I can set this via ACS ?
View 4 Replies
View Related
Apr 15, 2012
I know "Guest Vlan" aren't available on SG200, only SG300 have that feature.Problem is i only have a SG200 on hand and no extra budget.
We have multiple vlan:
vlan10: LAN
vlan20: Voice
vlan30: Guest
vlan50: Servers
vlan100: Lab1
vlan200: Lab2
Since it's a small business and lot of people moving around, doing test, etc.... most port are tag with all vlan. Our Wireless AP have multiple SSID one with vlan10 and one with vlan30 for guest.
Is there any way without the "Guest vlan" feature that i could have with my equipment any equipment without a vlan configuration be set on vlan30 ?
View 15 Replies
View Related
Apr 9, 2012
I have a 2960 sw configured for dot1x authentication, the problem is the Guest VLAN and Restricted VLAN didnot work. The switch port was stuck in authenticating status. The server is Juniper IC4500.
View 2 Replies
View Related
Oct 10, 2012
I've configured an ACS 5.3 system and all my groups etc fucniton corrcetly both for Network Access and for Device Administration.
However I'm stuck trying to allow clients to authenticate against the router's web-page i.e. Web-Authenticaiton, using TACACS+ between the router and the ACS5.3.
I've looked into this and I need to configure a custom-attribute of "service" with type Outbound and link this to an Authorization policy.
View 3 Replies
View Related
Apr 17, 2011
I would like to configure a guest-vlan and restricted-vlan on a 2960 switch, but I can not.
I am trying to configure the interface using the following commands: [code] similar result is obtained while trying to configure a auth-fail vlan. the full configuration file is attached.
View 4 Replies
View Related
Jun 23, 2012
I have some Cisco 1240 Access Points which are not centrally managed. I want to add 802.1Q trunking so as to be able to provision a guest VLAN. But a trick is that these APs are in some very high ceilings. I would like to provision the new trunking and guest VLAN without having to remove them from the ceiling. Someone suggested I just make the native VLAN save as existing and make the port to which attaches a trunked port. But when I did this I lost connectivity to the Access Point. Access came back as soon as I made the switch port an access port. how I can add the trunking and guest VLAN without having to get into the ceilings to remove them and configure them via console or other?
View 2 Replies
View Related
Mar 26, 2013
I have registered here to clarify some things about VLAN's. There are so many (different) names and mentions that i found tat my vision gets blurry looking through all the info.I have a setup at a client where the Guest WiFi access needs to be separated from the normal LAN where all the normal devices are attached to. The guests are not allowed to reach the IP camera's and printer etc. etc. . I am trying to visualize how the traffic should flow but the Tagged, Untagged, PVID, Trunks and other names that i found make it difficult for me to see how it works together.
View 8 Replies
View Related
May 18, 2013
I am configuring 802.1X in a 3560 Switch, my Radius server is a Microsoft IAS, when I connect a station of a guest user, the guest-vlan is not assigned in the port, and I have these logs:
May 8 21:23:02: dot1x-ev:Received an EAP Timeout on FastEthernet0/8 for mac 0000.0000.0000
May 8 21:23:02: dot1x-ev:dot1x_guest_vlan_applicable: Guest VLAN not
[Code].....
View 7 Replies
View Related
Oct 17, 2012
Any problems with the guest network on the ea4500 with the cloud firmware? I am losing guest clients after about 24 hours and the re-authentication fails. you enter the guest password and nothing happens until you reboot the router.
View 2 Replies
View Related
Oct 28, 2011
I am running a 5508 WLC with 10 Access Point. we need to allow Internet Access to Guest. 10MB DSL Internet is dedicated for Guest. This link is terminated on a regular ADSL modem without being part of our network. We want all Guest Internet traffic to reach the ADSL Router. where should I create the Guest VLAN / where the DHCP for Guest users should be created. what is the best practise for similar setup.
Our Network is simple
ISP_Reuter-------ASA_Firewall--------------4505------------LAN-switch 2950
ADSL_modem------------ users connect via wireless but restricted to certain area only.
View 9 Replies
View Related
Mar 6, 2013
We have the RV180W router and the WAP321 access point in our business. We want to broadcast two SSIDs from both locations: the office SSID, which shares routing to LAN traffic, and a guest SSID.The office computers are attached via ethernet to a switch off of LAN port 1 on the router. The AP is attached to LAN port 2 on the router.On the router, the office SSID and the LAN are members of VLAN 1. The guest network is a member of VLAN 2. From the router, everything works just fine.On the WAP, the staff SSID works fine, but the guest SSID has no internet. Both the office and guest networks get DHCP successfully from the router.Our VLAN membership table in the router and WAP are attached, as well as other configuration details.Why would we not be getting internet on the guest ID only on the WAP?
View 8 Replies
View Related
Feb 26, 2012
I need to configure a network in 1 small office space that segregates 2 company domains but allows them to share an Internet connection, a WAP, a couple of printers, and a non-Cisco VoIP phone system. And, it needs to provide guest access to the internet and printers via wireless. I have a SG300-28P, an SA520W, and a WAP2000 to make it all happen. [code]
View 3 Replies
View Related
May 6, 2013
I have setup an aironet 1262 with my ASA 5512 and configured it as an access point. I would like to add an additonal network to the ap for guests to use but I would like to segregate the traffic and only allow it to the internet. I am not sure how to start this and go about setting the routes, security and address scope.
View 1 Replies
View Related
Dec 5, 2012
I'm using two WAP321 with 4 VLANS
VLAN 100 - WPA PSK
VLAN 101 - WPA Radius
VLAN 102 - open (captive portal)
VLAN 103 - Management (no wifi)
Everything worked fine until I activated clustering on both devices yesterday. Since then, I can't connect via wifi anymore. I still have access to the management via ethernet. It seems like the wifi clients are not able to reach the Portal, Radius or DHCP Server anymore.
View 5 Replies
View Related
Feb 17, 2013
I have a WAP321. The unit hangs about on every day. Web interface and WLAN let not respond anymore. By a reset the unit will be back. I have put all unnecessary stale. Tracing the turned on, I can say nothing flashy.
View 11 Replies
View Related
Jul 8, 2011
We have the E3000 Router and the guest internet access DOES NOT work. We occasionally repair other people's PC's and I seriously do not want to allow access to our home network. Recently, we are trying to access through guest, on a Win 7 Dell Notebook. It takes the passcode but no internet connection.
View 1 Replies
View Related
