Cisco Wireless :: LAP1142N / WCS V.7.0.172 - Disconnects From WLAN Guest Access
Feb 7, 2012
We have a strange problem. We have a WCS v.7.0.172 that controls our two WLC v.7.0.116 and we have also two "Anchor Controller" WLC
v.7.0.116 for Guest Access.
We use the LAP1142N and every AP has two SSID's. One for internal data traffic and the other one for the guests.
Now the problem is, that even if we have internal and external user on the same AP, the guest users gets disconnected after a few time. Sometimes after 20 minutes, sometimes after 90 minutes...but the user is still working. It's really irregular.
View 2 Replies
ADVERTISEMENT
Jul 18, 2012
I have a strange situation on my guest wireless LAN.The guest WLAN is configured as an SSID "GUEST" on Cisco 1142 lightweight APs, with WiSM controller and WLC software version 7.0.230.0.
For simple Internet access using this SSID, we have a web policy, which causes a web page to be displayed when the user opens his/her browser, and on this web page, the user must click on an "Accept" button in order to accept the terms and conditions of use. Once the user accepts, the browser will then go to the web site which the user wishes to open. When using this mode of access, everything is fine.
However, there is also a pre-authentication ACL, which allows certain types of VPN traffic to reach the Internet without the user being required to accept terms and conditions. The ACL allows ESP, IKE (UDP/500), IKE over UDP (UDP/4500), DNS, HTTPS/SSL (TCP/443), DHCP client and server (UDP/67,68).The pre-auth ACL actually works as intended; and the ACL traffic is NOT allowed when the ACL is removed. This is exactly as it should be.
However, when using, for example, a VPN client such as the Cisco VPN client, or the Cisco AnyConnect client, via this guest SSID without user acceptance, the WLAN regularly and predictably stops passing traffic. This is 100% repeatable and predictable; it happens every 300 seconds, or possibly slightly longer. I have only used my PC clock to time it so the timing isn't all that accurate but I'm sure it's within a few seconds.
Given that the problem happens at the same time interval and is constant, I guessed there must be some configuration item which needs to be altered, but I've looked extensively at the controller GUI (we actually use WCS here) and I can't see anything that looks even remotely related to this.
View 5 Replies
View Related
Nov 1, 2012
Got a bit of a quandary with joining new access points to our 5500 series W LAN Controller. It looks like the LAP is initially able to see the W LAN controller, but after that things go sideways. The LAP is pulling a valid IP address from DHCP, and the W LAN Controller is able to ping it.
In the controller's AP Join Statistics we get this:
Last AP Message Decryption Failure
Last AP Connection Failure -Timed out while waiting for ECHO repsonse from the AP
Last AP Disconnect Reason
[code]...
View 7 Replies
View Related
Feb 14, 2012
Strange issue that our support staff is seeing on our guest WLAN. I have 2 wlans, 1 is production and authenticates our Domain controllers, this is working fine. The other is a wlan that has restricted access internally, I allow http, https and VPN access out only.
It appears that on the guest wlan, after random amount of time an established VPN connection using Cisco VPN client disconnects. Wireless connectivity doesnt appear to go down, just the vpn connection.
On this guest wlan, I have configured QOS bronze and I read a link where this may be affecting the UDP conversation between VPN client and end point.
View 10 Replies
View Related
Sep 25, 2012
I'm new to wireless and I have 7 Cisco 1142N (AIR-LAP1142N-A-K9) APs. But The thing is I have to buy a WLAN controller for these APs. I checked on internet and I found the 2500 series Controllers are compatible with Cisco 1142N (AIR-LAP1142N-A-K9) APs. But I would like to know How can I find the exact supporting version of controller for Cisco Access points?
View 15 Replies
View Related
Apr 17, 2012
We have a set up which includes several air-lap1134n-e-k9 access points. We're having problems with a specific laptop connecting to the WLAN which is accessible via the AP. We can see numerous different SSIDs available and when we connect to either of the two we have set up it says it is unable to connect. One of the connections, let's call it Internet, has Layer 3 security set up. The other connection, Web, has Layer 2 security set up. The laptop can connect to neither. It can, however, connect to other wifi in the vacinity including a wifi hotspot we set up on an Android phone.
The laptop has an Intel Centrino Wireless-N 1030 network adapter with current drivers. The WLAN's we've set up, Internet and Web, are both enabled for 802.11n.
View 2 Replies
View Related
Jun 10, 2013
I would like to setup a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.
I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't setup a 2500 series controller previously.
View 4 Replies
View Related
May 11, 2011
I have my wlc 4400 configured with a secure wlan and a guest wlan. The guest wlan is switching traffic at the wlc to a separate guest-wlan interface. When a guest is associated and authenticated, they can access the management console of the wlc which is in a different subnet. As I understand, the wlc does not route traffic. So how could this be happening? the guest subnet and the subnet the wlc management interface is in are different and separated by a firewall. I have also tried applying access lists in the wlc to each interface without luck. How can i stop the wlc from providing access to guest wlan users?
View 3 Replies
View Related
Aug 18, 2011
Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?Looking at a 5508 model at the moment
View 4 Replies
View Related
Mar 30, 2013
1 router 881w with a site-to-site VPN connected to a switch and a wireless which allows internal users to access the VPN via wireless (this is like a backup, if the switch fails, then they can use the wireless). Everything's working fine so far. Now I want to configure a second WLAN for guest but I'm not really sure if this configuration will work:
ROUTER:
ip dhcp excluded-address 192.168.100.1 192.168.100.200
!
ip dhcp pool GuestNetwork
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 8.8.8.8
[code]....
If it's not clear I want that everyone that is connected to the guest WIFI receives an IP address from the range I wrote before and then goes directly to the internet.
View 11 Replies
View Related
Nov 3, 2011
Can I limit bandwith for guest in a wlan network with out Wlan controller? and of course, how can I do it?P.S.: I heard something about bronze profile in a wlan controller envoiroment, I need something like that but in an independent AP.
View 3 Replies
View Related
Aug 1, 2012
I've been asked to create 2 wireless networks for guest access. They are to be used by clients of 2 different companies and they have asked for the website of each company to automatically open as a landing page. e.g.
-WLAN1 - password is companyname1 - landing page = www.companyname1.com
-WLAN2 - password is companyname2 - landing page = www.companyname2.com
Is this possible with our 5508 WLC? I have googled it and can see that you can set a web auth page but I need different landing pages depending on which WLAN is connected to.
View 11 Replies
View Related
Feb 23, 2013
I recently setup a 2504 WLC that has two primary WLANs (internal and guest) which get their IP addresses from a central DHCP server using the local router's broadcast forwarding. Things seem to be working well for the internal wlan, but clients on the guest wlan don't seem to be getting IP addresses. If I give the client a static IP they are able to communicate across the wlan okay.
It is worth noting that I am using LAG between the controller and router and this guest wlan is really just a regular wlan (with PSK) that has an access-list applied to force it to the internet only. The access-list should be allowing dhcp requests through, but in any case, I removed the access-list and it made no difference.
Here is a debug client for a machine connected to the guest vlan (vlan 33). The internal wlan is on the 10.10.10.0/24 network (same as wired and same that the AP's are connected to) and the guest wlan is 10.33.0.0/16. I don't understand why I am seeing the dhcp request come from the internal vlan/ wlan first and it gets an IP address on this network. I then see a request on the guest wlan/vlan at which point it appears to get a valid IP address on the guest network (10.33.0.0), but the client never sees this. [code]
View 4 Replies
View Related
Aug 28, 2011
We're looking at deploying both office extend and also a guest wlan. Both would require a WLC in the DMZ.My question is can one 5508 WLC be both a guest anchor and have office extend APs on it at the same time?
View 2 Replies
View Related
Oct 2, 2011
Looking to add time of day restrictions to our Guest WLAN that is currently in its pilot phase.
Is there a way to config time of day access to a WLAN ?
View 7 Replies
View Related
Dec 6, 2012
We are planning a WLAN upgrade and the security policy is to forward wireless Guest user traffic to the DMZ controllers. We are now considering the Virtual WLAN Controller and all AP's will register with the virtual controllers and we will use Flexconnect for Staff and internal traffic that will switch their traffic onto the local switch.
We wish to forward the guest traffic to the DMZ Guest Anchor controller which will be a 5508 controller. This will also offer Office Extend AP service.I have looked at teh virtual controller docs and not very clear if this deployment model is supported. Below is a diagram of what we wish to deploy and is this a supported deployment model.
View 2 Replies
View Related
Sep 19, 2012
My customer has multiple sites, each with a 2504 WLC.A data center with a 5508 in the DMZ acting as Anchor for the remote sites.ACS 5.x and NCS Prime.All guest users will egress to the internet via a Vlan in the DMZ.Authentication is currently web-auth on the Anchor, but will move to NCS once that is fully deployed.
Is it possible to put a printer in each site for Guest WLAN users to use?
View 3 Replies
View Related
Feb 10, 2013
I want to setup a webpage for my guest network (no authentication) users. When the client connects to the open guest network and upon opening a browser they would be directed to a survey that I would like them to take, if they don't want to take it they can begin browsing to other sites without issue. How do I do this on a my 5508 WLC?
View 12 Replies
View Related
Jul 16, 2011
I tried to extend the Range of the Guest WLAN of the E2000 with several different Access Points vom TP-Link. (Last try: TL-WA901D) The Access Point recognises the WLAN and sometimes it has a connection for a short time. But then the whole WLAN is breaking down, sometimes the Router E200 hangs up, also with the LAN connections. The E200 is connected to a sky-DSL Router and works fine when no additional access point is connected. In the web-Interface of the E2000 I cant setup any specific Guest-WLAN settings.
View 1 Replies
View Related
Feb 8, 2012
I have a wrt54g router and would like to separate the WLAN clients from accessing computers and servers on the LAN... in other words I would like to make it a "guest" network. I've put the router in "router" mode instead of "gateway". I just want to be sure if that is the best thing I can do in terms of turning the wireless network into an isolated one.
View 4 Replies
View Related
Nov 13, 2011
I have a WLC of 4402 and AP's of AIR-LAP1142N-E-K9 . Where am getting problem of that users are complaining that they cannot connect it some times and they used to get disconnected in between.
View 1 Replies
View Related
Jul 24, 2012
When a guest user first trys to access the "guest" WLAN, they are presented with a "certificate page" before the web athentication page / login is presented. The WLC forces an internal redirect to https://1.1.1.1 causing the certificate page to appear. Can this be bypassed? I am runiing 5508 with 7.0.220.0.
View 12 Replies
View Related
Mar 7, 2012
We have an autonomous AIR-LAP1142N-E-K9 AP with software release version 12.4(25d)JA1. The access point is configured and an SSID is broadcasted. However when users are trying to connect to the AP, authentication seems to be accepted but users are not connected. I suspected the issue in DHCP but even on static IP the user is not connected.I dont believe any LAN issue is there cause I connected a PC to the same interface where the AP is connected and it took an IP from the required VLAN (1234) [code]
View 3 Replies
View Related
Aug 23, 2011
I have deployed a number of AIR-LAP1142N-E-K9 access points at a site, but I have an issue where all access point have defaulted to Channel 1. I have set the perameters on the Lightweight AP Template correctly to allow dinamic power and channel selection. The positioning of the AP's are as per the WCS planning tool.
View 3 Replies
View Related
Jul 18, 2012
I have 2 5508s (foreign and anchor both running 7.2.110.0) with an open WLAN configured via mobility anchors. This configuration works and has no problems. My next task is to incorporate a webauth page (accept/reject) to present the clients with AUP information, etc. On the foreign controller I created a test WLAN (open) and setup webauth Passthrough using the Cisco webauthbundle (wap.html), this works as intended, no issues. However I am at a loss as to how to incorporate the webauth Passthrough functionality on the WLAN that is configured for the mobility anchor.
View 2 Replies
View Related
Sep 5, 2012
We are implementing a new corporate headquarters and have bought a Cisco 5508. I have two connections plugged into the 5508 in ports 1 and port 2. Port 1 is for all internally wireless networks and connects to our core 6500 and use an external DHCP server scopes. Port 2 is for our guest WLAN and connects directly to a public network switch in front of (outside) the firewall. For the guest network, I have setup a vlan on the controller for dhcp and the interface setup to that vlan and dhcp scope built on the controller. how or can I NAT the internally addressing for the guest network to the public IP address on the controller. Essentially I want to drop of guest network traffic outside the firewall and not have to deal with setting up the firewall for any aspect of guest network traffic.
View 1 Replies
View Related
Dec 4, 2012
Older model Inspiron 1545' using the 1397 WLAN card. Has been working fine, until perhaps the past two weeks. Now it frequently drops out, requiring manual disconnect and reconnect. Tonight Internet very slow on that laptop.
There are other devices using the same wifi (including this iPad used to post this), which connect to the wifi and Internet no issue. To me, its pointing to the laptop - either the WLAN card itself, or something in the laptop starting to fail (the laptop does have issues restarting - where it won't do that unless left for say 30 mins).
I'm suspecting a recent windows update or mcafee security update - no other software has been installed or updated.
I've tried changing antenna setting from auto to aux with no change to the above. Have checked for newer drivers - the laptop reports the version we have is the latest ( from 2009) - although they are the windows driver. Running windows 7, 64 bit - as supplied by dell when laptop was brand new. should I give up on the 1397 card and use another USB wifi adapter ?
View 3 Replies
View Related
May 9, 2012
I have two SSIDs on an Autonomous Access Point, that goes to a 2960 switch, that connects to a L3 3560. I have a vlan for admin/private internal access that uses the native vlan (1) and guest vlan (50). I have configured both and I am trying to get both to go out the same Internet connection.
I cannot get the guest access to access the Internet. It looks like my computer will go, but it just comes up saying no Internet access.All interfaces are trunking this vlan properly. I can communicate from the laptop to the 3560 but I just can't get to the Internet.
View 10 Replies
View Related
Feb 11, 2013
I understand you can have a guest wireless setup on the newer Access Points, and trunk (cisco term) the 2 VLANs and seperate them out with Access Control Lists so they don't talk to each other, but I would rather just give the VLAN 480 it's own DHCP from the router.
[code]...
View 6 Replies
View Related
Jan 28, 2012
Is it possible to provide wireless guest access over the WAN from another office via the WLC. I have WLC 5508 in a central office and have other remote offices that have one Access Point in each office that are autonomous; I will be converting these to LWAPP. Is it possible to route guest traffic back to the WLC then forward this traffic out to the internet? How would I route this traffic out as well? install a secondary WLC in the DMZ and use anchor points. I only have one WLC
View 7 Replies
View Related
Oct 11, 2012
It's my intention optimize our business WiFi network.Actually we don't have a "Guest" access.Probably WAP321 should be the best solution for us.We will need 3 WAP321 to cover offices area.I have different questions/doubts about Captive Portal functionality.using 3 different WAP321 everyone has the "captive portal" feature, or you can configure only one of the three the feature of "captive portal"?if is possible to configure only one of three the feature of "captive portal", the others WAP321 trusting the authentication?what is the ip address released from the "Captive Portal"?all Guest user have the same username and password?
View 1 Replies
View Related
Dec 2, 2012
We have a 2106 that was configured by a former employee. No one left in the company is qualified to configure it. The wireless guest access used to work fine. We'd configure a guest user account. They would connect to the guest wireless, open a web browser and login. For some reason now there is no prompt for login. People can connect to it and get an IP address, but that's it. No login prompt or anything else from there.User Login Policies was set to 0 and I put it to 8. That didn't do anything. Under Web Auth > Web Login Page it's set to Internal (Default).
View 5 Replies
View Related
Feb 3, 2013
I'm looking to implement guest WiFi access with web authentication on one of our 5508 WLC (currently deployed within a sandbox environment), but looking for some assistance. The WLC currently has a single connection from port 1 to the 'Test Site 2' switch. This is a dot1q trunk. On the WLC, the interface (for port 1) is configured as follows: [code] Currently, I have one WLAN configured with the profile name 'Guest Test 1', it's enabled and broadcasting the SSID. Security is L3 only with web authentication configured. The WLAN is configured to use the interface names "guest_wifi".
The issue is that when a client connects to the WLAN, it receives an IP address okay (10.99.254.x address), but doesn't seem to be able to contact the WLC to get the web authentication page. Eventually, the WLC terminates the connection due to an authentication failure.does it sound like I'm taking the correct approach here? The idea is that clients connect to the guest WLAN, which puts them on VLAN 99 and routes traffic through to the ASA and then onto the internet.
View 13 Replies
View Related