Can I set up a guest wifi connection on my Cisco WLC 2504 if I already have WLANs set up inside my corporate network? I want to use port 4 and connect it directly to my ISP so that it is outside of the corporate network. I set up an interface with a valid IP from the ISP and created a "Contractor" WLAN to use that interface.
View 6 RepliesI have setup guest access on the controller and this is not working at the moment.
DHCP server setup on the controller for the Guest users.
You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
Cant we create a guest user login with more than 30 days lifetime? In the lifetime field we can enter maximum 99 but it only allows up to 30
View 5 Replies View RelatedI recently got my Cisco wireless system working a few days ago and am back with a guest network. Our wireless system includes one 2504 controller and 2 2602i access points. So, I want a wireless guest network completely isolated from the LAN.
Here is what I have done.
I have created a new internal network and assigned 192.168.2.1 to an unused port on the firewall and 2.2 to a new controller interface with vlan 10. I can ping both 2.1 and 2.2 from the firewall and the controller. Basic network connectivity is working. The DHCP server is setup on this same firewall and configured only for this port. This address is referenced in the controllers interface.
A new w lan was setup and enabled. The proper interface group was selected on the w lan. I have left the default layer2 security.
As far as AAA servers tab in this wlan, this is where I am a little confused. I wish to just have a single log in for this guest network. I wasn't sure what to do so I went over to the Security tab and created a "local net users" account. I do not know how to reference the use of this under wlan, security, aaa servers. Should I check the box that says "local eap authentication"?? If so, I don't have a profile name in the drop down. What I'm looking for is the username/password to be stored locally on the controller itself since there will be only 1 account.
Under wlan, advanced tab, I do not have "Allow AAA override" checked. Should I?
Lastly, when I try to connect the client, it is not pulling a dhcp address. I wasn't sure if authentication was required before dhcp or the other way around so I'm not sure what to trouble shoot first, authentication or dhcp.
I have 2 APs, Cisco Aironet 1040, and 2504 WLC.Is it possible to configure guest access (Guest SSID/VLAN and Corporative SSID/VLAN) without dedicated guest WLC in DMZ?
View 4 Replies View RelatedI have a cisco wlc 2504 is deploying authentication services to guest users toward a portal web customized and configured. I need to install my certificate verisign (certificate.cer) in to cisco wlc because my users don't like the page no trusted (The wlc is showing me ''There is a problem with this website's security certificate'') when they are trying to access to ssid to users guests.
View 2 Replies View RelatedI have setup guest access on the controller and this is not working at the moment. DHCP server setup on the controller for the Guest users. You are able to connect (get ip address from controller) and the browser gets redirected to 1.1.1.1 but then page can not be displayed instead of the login page.
View 10 Replies View RelatedI recently setup a 2504 WLC that has two primary WLANs (internal and guest) which get their IP addresses from a central DHCP server using the local router's broadcast forwarding. Things seem to be working well for the internal wlan, but clients on the guest wlan don't seem to be getting IP addresses. If I give the client a static IP they are able to communicate across the wlan okay.
It is worth noting that I am using LAG between the controller and router and this guest wlan is really just a regular wlan (with PSK) that has an access-list applied to force it to the internet only. The access-list should be allowing dhcp requests through, but in any case, I removed the access-list and it made no difference.
Here is a debug client for a machine connected to the guest vlan (vlan 33). The internal wlan is on the 10.10.10.0/24 network (same as wired and same that the AP's are connected to) and the guest wlan is 10.33.0.0/16. I don't understand why I am seeing the dhcp request come from the internal vlan/ wlan first and it gets an IP address on this network. I then see a request on the guest wlan/vlan at which point it appears to get a valid IP address on the guest network (10.33.0.0), but the client never sees this. [code]
My customer need creates some separately web portal for some SSID (Guest and Staff), 01 web portal for Guest and 01 Web portal for Staff. Can WLC2504 can support this features ?
View 2 Replies View RelatedMy customer has multiple sites, each with a 2504 WLC.A data center with a 5508 in the DMZ acting as Anchor for the remote sites.ACS 5.x and NCS Prime.All guest users will egress to the internet via a Vlan in the DMZ.Authentication is currently web-auth on the Anchor, but will move to NCS once that is fully deployed.
Is it possible to put a printer in each site for Guest WLAN users to use?
We are deploying 3600 AP's with a 2504 and would like to create multiple SSID's that are mapped to unique VLANs so we can control the traffic at the Firewall. We have the 2504 up and running with AP's but there appears to be no where in the 2504 controller Web GUI to configure a VLAN mapping to an SSID. Any pointers to documentation on how to configure?
View 1 Replies View RelatedIs there any way to configure a wired guest network with a combination of 5508 and 2504 wireless controllers? I am aware that the 2504 does not have wired guest functionality, however is it possible to set up a wired guest on the 5508 and using mobility anchors, transmit the l2 information through eoip to communicate with the remote vlan?Home built NAC solution, using 802.1x authentication on switchports for public areas. If user is an employee, communicates with the supplicant on their machine, and places them on an internal vlan.If user is a guest, user fails 802.1x check and is placed on a "guest" vlan with an ACL and external DNS.If placed on the guest vlan, the user has to accept a terms of use form.This is working currently with our 5508s without any issue, however we have some remote offices we'd like to roll this out to that are using 2504 controllers. I'm hoping there's a way that I can use the 5508 as an anchor or vice versa to make this work.
View 1 Replies View RelatedI installed a WLAN with a WLC 2504 and 1140 APs. My network is configured the following way. 10.10.X.X/8. Port 1 on my WLC has the following interfaces management with the ip address 10.10.X.5 and the virtual interface. I have one secure SSID on the management interface. DHCP is done on my Sonicwall firewall. I was advised to create a second interface called AP-Manager and i have the following questions:
1. Do i create a new port or do I create the AP-Manager interface on the same port as my other interfaces?
2. Once i create the new interface of AP-Manager, will my APs migrate over to this interface?
3. Do i need to create the AP-Manager interface or leave all my AP's on the management interface?
4. Second do I need to create a services interface and if yes, on port 1?
I also need to create a guest network that would have the ip scheme of 172.16.X.X and have the guest authicated by level 3 web authication.
1. Do i create my guest interface on port1 or create a new port?
2. DO i need to point my DNS of the interface to the virtual interface.
I have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch. I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access. Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
I have a 2504 WLC and x6 1142 AP's and currently have this working on our corporate network (still in test phase). So far so good and looking at authentication via radius next for this.
We have a separate ADSL connection that is external to the corporate network and what i would like to do is based on SSID (in this case i'll use "Guest Access") i would like any clients etc that visit to be able to connect to our wireless but not be able to connect to our corporate network.
I would like to setup a 2504 to have one Guest WLAN and one Staff WLAN with a controller port for each WLAN connected to different devices.
I would prefer to connect the WLC Guest port to an ASA 5510 and the WLC Staff port to an internal 2960S switch. Will this work? I haven't setup a 2500 series controller previously.
We have a WLC 2504 which has been configured, however our old admin left and we can not access this device. We verified our serial connection works - 9600; 8bits; 0 and none works on other devices. When we connect (via Console) we get a blank screen with a blinking cursor. We can't get to it from GUI/Web as well. Tried depressing the reset button and we see the LED's flash from yellow to green, but still no access. Our web search has not produced any useful ideas.
View 2 Replies View RelatedWe have a 2504 WLC and 8 352l AP. All AP are working and can be seen in the WLC except 1. It can grab an ip address but cannot see on the WLC. the show AP join...only shows that it is trying to join but no error indicated. A debug cap swap events didn't show the ip add.
View 7 Replies View RelatedI am currently experiencing an issue with a WLC that I am trying to connect 3 new Access Points to of the type AIR-LAP1142N-E-K9 running Cisco IOS Software, C1140 Software (C1140-RCVK9W8-M), Version 15.2(2)JA
I had the controller on firmware 7.0.220.0 and just upgraded to 7.3.101.0 in the hopes to solve my issue. The already connect APs running 12.4 was upgraded without any issues (apart from one - I'll get to that one) and it is now running as before. But the issue with the 3 new APs still persists. I have supplied a screenshot of the AP Join page.
Another issue that arose from the said upgrade was that a previously shutdown AP (of the same type and software version as the ones that upgraded perfectly) got turned on after the WLC firmware upgrade and is now not able to join the controller.
I have both working in a cluster and traffic is flowing but now I desire to seperate my intranet from internet guest traffic only. Having an issue with understanding how to accomplish this task. I have one 2003 server in the intranet that supports DHCP and using a private network address.
View 4 Replies View RelatedI have an E1000 router that's been fine until a few weeks ago. I have access but my guests are unalbe to get access. One of my guests looks like she's connected but can't acess the internet.
View 1 Replies View RelatedJust installed a refurb EA4500 this past weekend after testing it for a week. The regular wireless network is very stable, but not much faster than my single-band DLink DIR655. Guest network seems to drop out from two connected iPhones, and when the connection drops, you have to re-login and type in the guest password everytime. The linksys firmware is up-to-date( Linksys smart wifi)and so are the iOS on the 2 iPhones. Just to add, on my old DLink, the guest network comes up secured also, so when you type in the passcode, it remembers it next it comes in range unlike the Cisco, which requires login at a web interface.
View 3 Replies View RelatedAny problems with the guest network on the ea4500 with the cloud firmware? I am losing guest clients after about 24 hours and the re-authentication fails. you enter the guest password and nothing happens until you reboot the router.
View 2 Replies View RelatedI just bought a E1000 and connected it to my cable modem. I can connect to the internet with my wired PC and wired Xbox 360 with no problems. For some reason on my wireless laptop I can only connect to the internet by the Guest connection. When I connect to the regular router SSID I get local only access, no internet.
View 2 Replies View RelatedIs it possible to allow certain websites to bypass the web authentication pages, so that they do not need to authenticate to get to our own website, but do have to if they wish to go anywhere else?Looking at a 5508 model at the moment
View 4 Replies View Relatedi am loaning my laptop to a friend to use while traveling and I have created a "guest user" account so he doesn't have to go through my home pages and personal files. Well, whenever this account is being used, there is no WiFi connection logo and so it cannot be connected to the internet via WiFi...
View 1 Replies View RelatedI have a DIR-825 (hardware rev B1, v2.06 firmware) with 2 guest networks active (one on each frequency). I recently attached a laptop to the network using the computer's PCI NIC, with the wireless card completely turned off. Much to my surprise, Windows (7 Pro) indicated that I was connected to the 2.4GHz guest network. The only place in the router's configuration where the indicated name appears is in the "Guest zone" configuration page, where it asks for an SSID to use for the "wireless guest zone". Not only that, but it was the only connection that I could get for the computer, unless I turned the wireless card back on. That's also interesting because no other computer on the network, connected via cable, displays any "named" connection when viewing the networking properties. They simply show "Network" as their connection.
View 1 Replies View RelatedI want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
View 2 Replies View RelatedWhy a 2504 Poe? If it can not be used for AP.
View 10 Replies View RelatedI'm planning to upgrade our WLC 2504 from 7.2.111.3 to 7.4.100.0 but the cisco site says "WLC Version 7.4.100.0 will need Prime Infrastructure Version 1.3 to be managed, Version 1.3 is not yet available to download at this point of time" Is it something about NCS? we have only 1 cisco WLC 2504 and 6 1142APs.. Also let me know is it possible to go directly from 7.2 to 7.4 ?
View 8 Replies View Relatedwhat is the maximum number of APs supported on Cisco 2504 WLC?According to the Data Sheet it is 75:
[URL]
But according to the config guide it is 50:
[URL]
I believe the correct number is 50, but I just want to be sure.Is this a software limitation?
I've problem with a WLC 2504. Some Clients like phones and Thin Clients get an IP 0.0.0.0.Software Version is 7.0.235.0. Test with a Laptop seams to be OK. Some printers also got an 0.0.0.0.Around 30% are not OK. also had the log: Impersonation of AP with Base Radio MAC 00:yy:yy:yy:yy:yyusing source address of 00:xx:xx:xx:xx:xx has been detected by the AP with MAC Address: 00:yy:yy:yy:yy:yy on its 802.11b/g radio whose slot ID is 0 The problem is, I cannot go to 7.2 version because I have 2 x AP 1231 and 2 x 1242 AP's.1231 AP's are not anymore supported in 7.2 Version.
View 14 Replies View RelatedI have two WLC 2504 controllers. These controllers are for two different buildings. But they share a VLAN, and network address range. How can I control the access points to the register selected only at a specific controller.
Example:
AP 1 -> WLC 1
AP 2 -> WLC 2
AP 3 -> WLC 1
Since the buildings also broadcast in different SSID. The two controllers are in a mobility group.