Cisco Wireless :: Configure A Wired Guest Network With A Combination Of 5508 And 2504 Wireless Controllers?
Apr 7, 2013
Is there any way to configure a wired guest network with a combination of 5508 and 2504 wireless controllers? I am aware that the 2504 does not have wired guest functionality, however is it possible to set up a wired guest on the 5508 and using mobility anchors, transmit the l2 information through eoip to communicate with the remote vlan?Home built NAC solution, using 802.1x authentication on switchports for public areas. If user is an employee, communicates with the supplicant on their machine, and places them on an internal vlan.If user is a guest, user fails 802.1x check and is placed on a "guest" vlan with an ACL and external DNS.If placed on the guest vlan, the user has to accept a terms of use form.This is working currently with our 5508s without any issue, however we have some remote offices we'd like to roll this out to that are using 2504 controllers. I'm hoping there's a way that I can use the 5508 as an anchor or vice versa to make this work.
View 1 Replies
ADVERTISEMENT
Feb 14, 2013
I have two 5508 WLCs. Both have APs attached to them. If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the ohter WLC? So far, I have found that I need to create the same user on both WLC's, in order to have the user login.
View 2 Replies
View Related
Oct 3, 2012
Could I setup wired guest Internet connection without layer 3 web authentication and how?I want guest users access Internet without going through web authentication.
View 2 Replies
View Related
Dec 4, 2012
I setup a guest wired network on the WLC 5508 with 7.2.110. A postage machine can only be setup for static IP address over guest wired network. Is any one how to get it configure on the WLC 5508?
View 3 Replies
View Related
Jan 24, 2013
I want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
View 2 Replies
View Related
Jan 28, 2012
I have 2 x Redundant Guest Anchor Controllers (5508) located in 2 separate Data Centers with all the management and guest user VLAN spanned between two. Everything is working fine with the Guest WiFi access except the DHCP functionality as the Controllers are acting themselves as the internal DHCP Servers.
This is how I tried to distribute :
network. 10.1.0.0/23
gateway: 10.1.1.254
Controller 1, DHCP Server pool: 10.1.0.2 - 10.1.0.254 Gw: 10.1.1.254
Controller 2, DHCP Server pool: 10.1.1.2 - 10.1.1.254 Gw: 10.1.1.254
As the user load balancing between the Anchor Controllers cannot be controlled (i.e. they are active/active), the same client sometime getting 2 different IP addresses from both the Controllers (as they do not talk to each other in terms of DHCP) hence depleting the pool addresses.
I guess one way of solving this is to just run 1 DHCP server in one of the controllers but that defeats the purpose of having N+1 Controllers. Is there a better way of doing the DHCP load balancing and having full redundancy at the same time?
View 3 Replies
View Related
Jul 10, 2011
which is the maximum number of simultaneous wired guest clients on a 5508? And in a 2112 controller?
Wired clients count as wireless clients??
What about anchoring limitations, what is the effect of wired guest clients on the anchor controller?
View 2 Replies
View Related
Jan 28, 2013
I recently got my Cisco wireless system working a few days ago and am back with a guest network. Our wireless system includes one 2504 controller and 2 2602i access points. So, I want a wireless guest network completely isolated from the LAN.
Here is what I have done.
I have created a new internal network and assigned 192.168.2.1 to an unused port on the firewall and 2.2 to a new controller interface with vlan 10. I can ping both 2.1 and 2.2 from the firewall and the controller. Basic network connectivity is working. The DHCP server is setup on this same firewall and configured only for this port. This address is referenced in the controllers interface.
A new w lan was setup and enabled. The proper interface group was selected on the w lan. I have left the default layer2 security.
As far as AAA servers tab in this wlan, this is where I am a little confused. I wish to just have a single log in for this guest network. I wasn't sure what to do so I went over to the Security tab and created a "local net users" account. I do not know how to reference the use of this under wlan, security, aaa servers. Should I check the box that says "local eap authentication"?? If so, I don't have a profile name in the drop down. What I'm looking for is the username/password to be stored locally on the controller itself since there will be only 1 account.
Under wlan, advanced tab, I do not have "Allow AAA override" checked. Should I?
Lastly, when I try to connect the client, it is not pulling a dhcp address. I wasn't sure if authentication was required before dhcp or the other way around so I'm not sure what to trouble shoot first, authentication or dhcp.
View 8 Replies
View Related
Apr 11, 2012
We find that some of the utilized iPads (iPad2, iOS 5) have a significant delay to connect to the WiFi after waking up.. though some of them show the WiFi-icon instantly after wake-up.. That is causing the crestron App on it to "malfunction", which is to say that it can't connect to it's server and goes back to home screen to allow re-connect..
WLC and LAPs using the latest software (7.2.103.0).. encryption is WPA2/PSK..
I changed the WLAN to use 802.11g only.. changed Beacon-Time.. changed encyption.. changed WMM settings..Alas, the iPads that expose this behaviour do not show any difference with the changes..
View 3 Replies
View Related
Aug 6, 2012
I am configuring two 2504 controllers, which I ordered together, however they run different software versions and I don't have a contract/ login to download wlan controller software from the Cisco website. The one with the newest version runs 7.2.103.0 while the other one runs 7.0.220.0 I want to run them together in the same subnet and use them for redundancy (10 AP's will connect).
Is there a way I can download the software from the controller, just like I am able to do with an ASA firewall? Then I can upload it to the controller with the older software version.
View 3 Replies
View Related
Jun 9, 2012
If we have 2 Cisco 2504 series wlcs and use multicast features in both and both are primary and secondary for LAPs. what about of we use multicast ip address let's say 255.239.1.60 can we use the same ip address for the secondary controller too or we should use any other ip ?
View 7 Replies
View Related
Feb 18, 2013
What's the least expensive way to enable Guest Network authentication in a network with WLC 4404 controllers and no WCS? Management would like guests to register with a valid email address and enter a 'password du jour' to keep unauthenticated users from chewing up bandwith with automatic connections.
View 4 Replies
View Related
Dec 6, 2011
Our controller get freezing every week at least twice, and do not know what is the reason. I am attaching the log for you to look at it. Last time happened was yesterday at around 13.00 pm.
View 15 Replies
View Related
Mar 10, 2013
I am setting up two 5508 controllers, one in HA mode, and one the primary for the remote sites in question. I plan to have these units service wireless for MPLS conected regional sites (each with their own local subnet). I was planning on using the cabled hosts network in each site for the wifi addressing and was thinking a different addressing for Guest Access, is this common? I'm obviously concerned with guest access clients but don't know enough how their trafiic is segregated from normal wifi traffic.
Also, when I stand up the controllers the management interface and ap-manager won't be in the same network as where the hosts or LWAP's will reside (routing access will exist though).
View 6 Replies
View Related
Jun 11, 2013
We have 2 Cisco 5508 WLCs, each wtih 50 licenses. What I would like to do is split the 50 odd APs between the 2 controllers load balancing the traffic. If a controller goes down or there is a break in the path all APs would failover to their configured secondary controller. So far so good.
However there seems to be no way to 'replicate' the configurations between controllers unless I setup HA , but as I understand it HA is Active /Passive, so essentially, unless you get a failover situaltion, completely 'redundant'.
Is there a way or either replicating between controllers automatically with out HA, or is there a way of making HA Active / Active?
View 3 Replies
View Related
Sep 1, 2011
I have two 5508 and one WCS server, the controllers are in one mobility group.Now I have to change the management IP addresses on the controllers. What are the correct steps to do this?
View 9 Replies
View Related
Aug 12, 2012
I'm looking into upgrading our 4400 series controller to 5508's. Currently we have a few sites that have 8-9 4404 100AP controllers and I'm looking to condense these down to either 3 5508-500 or 5 5508-250 depending on cost. I'm wondering what a good port to AP ratio is for controllers with licenses that can handle over 100 AP's. I know the general rule of thumb is 25 AP's per port, but that seems to me to be 4400 way of thinking. I'm trying to also reduce the controllers overall footprint, i.e. ports on the uplink switch, power consumption, rack space etc.
View 5 Replies
View Related
Aug 28, 2012
I am planning to move our WLC's (5508) from a branch site to HQ so that all branch site APs will just report centrally in the HQ. There are two WLCs working as Active/Standby. Plan is to move one then the other. I am not really inclined with wireless.
View 9 Replies
View Related
Aug 1, 2012
--- I have 2 WLC's 5500 that I have to set up on my network with the same configuration except I am not sure that they can be load balanced.
-- My only thought is to take a full class C and on each WLC set up a /25, thus each device can provision 120 IP's
--- This seems a bit archaeic, but is there anything else smarter to do? Can they be load balanced?
View 9 Replies
View Related
Jun 21, 2012
We are installing a set of 5508 controllers at one site in Tennessee. At another divisional site we have another controller that covers that division.
Both sites utilize the same DNS structure and would like to use the DNS entry CISCO- CAPWAP- CONTROLLER entry for bringing new AP onto the controllers at their sites, how would we go about configuring this?
View 6 Replies
View Related
Jan 29, 2013
I am setting up a new Guest network with a captive portal and it seems to all work fine except when Apple devices go to sleep. When they come back on it isn't just a case of logging in again as it just indicates to the client that it is still connected and won't present the login page again. The Controller will show the client as auth required. So far the quickest way has been for me to delete the network on iPads and re-enter my settings or create a new profile on a Macbook and join again. I have also had some success when doing a manual DHCP refresh on my Macbook which sometimes seems to kick the Controller into action so it presents the login page to the client again. Whether it is related to the timers on the Controller (5508 running code 7.0.235.3) or - as I just read in another post by Leo - the 20 minute timeout that all Apple devices have built in to conserve battery life
View 3 Replies
View Related
Nov 10, 2011
Just recently upgrade our 2 5508 controllers from 6.0.199.0 to 7.0.116.0. Since that upgrade, I have a handful (8 to 10) of wireless laptops that now refuse to associate to any access points. The thing these laptops all have in common is some variation of the Intel Wifi Link AGN cards. I have about 200 other clients out there working just fine.
I've tried everything under the sun that I can think of. Patches, drivers, the whole sh'bang.
Is there a known issue with 7.0.116.0 and these particular cards?
View 17 Replies
View Related
Feb 1, 2013
The situation is Main house running Linksys EA4200, I have a garage apartment rental that is to far away to receive the wireless guest network.I ran a cat5e to the apartment, can I configure the EA4200 to allow the WAP54G access point to use the guest network? I want to prevent my renters from having access to the home network, but just have basic internet access separate/outside my network.
View 6 Replies
View Related
Jan 21, 2013
I have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch. I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access. Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
View 5 Replies
View Related
Nov 28, 2012
Can I set up a guest wifi connection on my Cisco WLC 2504 if I already have WLANs set up inside my corporate network? I want to use port 4 and connect it directly to my ISP so that it is outside of the corporate network. I set up an interface with a valid IP from the ISP and created a "Contractor" WLAN to use that interface.
View 6 Replies
View Related
Nov 19, 2012
I have a 2504 WLC and x6 1142 AP's and currently have this working on our corporate network (still in test phase). So far so good and looking at authentication via radius next for this.
We have a separate ADSL connection that is external to the corporate network and what i would like to do is based on SSID (in this case i'll use "Guest Access") i would like any clients etc that visit to be able to connect to our wireless but not be able to connect to our corporate network.
View 4 Replies
View Related
Jun 4, 2012
I have setup guest access on the controller and this is not working at the moment.
DHCP server setup on the controller for the Guest users.
You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
View 2 Replies
View Related
Mar 17, 2012
Is there a way to configure one of the GigE ports on the E4200 to only work on the "guest" network? Basically I have a need to setup one of those ports to get to the Internet, but I don't want it to be able to get to anything else on the private side.
View 1 Replies
View Related
Sep 19, 2012
Cant we create a guest user login with more than 30 days lifetime? In the lifetime field we can enter maximum 99 but it only allows up to 30
View 5 Replies
View Related
Apr 3, 2012
I have 2 APs, Cisco Aironet 1040, and 2504 WLC.Is it possible to configure guest access (Guest SSID/VLAN and Corporative SSID/VLAN) without dedicated guest WLC in DMZ?
View 4 Replies
View Related
May 7, 2013
I have a cisco wlc 2504 is deploying authentication services to guest users toward a portal web customized and configured. I need to install my certificate verisign (certificate.cer) in to cisco wlc because my users don't like the page no trusted (The wlc is showing me ''There is a problem with this website's security certificate'') when they are trying to access to ssid to users guests.
View 2 Replies
View Related
Jun 4, 2012
I have setup guest access on the controller and this is not working at the moment. DHCP server setup on the controller for the Guest users. You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
View 10 Replies
View Related
Jan 17, 2010
Recently I sold a rv082 router to a client.He uses a Windows XP environment to dail in using QuickVPN.A week ago an office admin wanted to connect using Windows 7 and it does not work.The client starts do dial and connects but the connection does not work.The admin does not use a router and there is no active software firewall.
View 3 Replies
View Related
