I want to prevent guest from doing peer - peer communication on my Guest (5508) controllers. Is this a feature on the WLC or only by applying an ACL on the router interface?
View 2 RepliesI have two 5508 WLCs. Both have APs attached to them. If I create a guest account with the lobby administrator on one, will that user account be able to log in to the network if the client is attached to the ohter WLC? So far, I have found that I need to create the same user on both WLC's, in order to have the user login.
View 2 Replies View RelatedI have 2 x Redundant Guest Anchor Controllers (5508) located in 2 separate Data Centers with all the management and guest user VLAN spanned between two. Everything is working fine with the Guest WiFi access except the DHCP functionality as the Controllers are acting themselves as the internal DHCP Servers.
This is how I tried to distribute :
network. 10.1.0.0/23
gateway: 10.1.1.254
Controller 1, DHCP Server pool: 10.1.0.2 - 10.1.0.254 Gw: 10.1.1.254
Controller 2, DHCP Server pool: 10.1.1.2 - 10.1.1.254 Gw: 10.1.1.254
As the user load balancing between the Anchor Controllers cannot be controlled (i.e. they are active/active), the same client sometime getting 2 different IP addresses from both the Controllers (as they do not talk to each other in terms of DHCP) hence depleting the pool addresses.
I guess one way of solving this is to just run 1 DHCP server in one of the controllers but that defeats the purpose of having N+1 Controllers. Is there a better way of doing the DHCP load balancing and having full redundancy at the same time?
I am working on wi-fi networks (ISP), So I need to block the peer to peer on my network.My network involves cisco switch 2950/2960, cisco 2800 routers and Access Points, config for peer to peer blocking, for this where I need to config either switches or router.My network basic setup is, The internet will pass from router to switch and then Access Points.
View 1 Replies View RelatedI got ASA 5510 with base license, can I block all Peer-2-Peer traffic from inside to outside.
ASA Giga 0/0 connected to ISP Router 2811
ASA Giga 0/1 connected to LAN switch 3560
I see that Application protection - blocking peer-to-peer file sharing traffic is a capability of Cisco IOS Firewall. How do i configure my Cisco 2911 ISR to block peer-to-peer file sharing traffic?
View 1 Replies View RelatedI am facing issues in blocking Peer to Peer applications in LAN. I am using 881 Cisco router and below is the config done. [code]
View 1 Replies View RelatedI recently bought the WAG320N can I block Peer to Peer file sharing on my Network?
View 3 Replies View RelatedI bought my WAG320N, I too have the internet drop out and from reading in here is a very common problem. Cisco really should bring out a new firmware version and address this issue. Any way you can block peer to peer file sharing with the WAG320N? If so how do you go about it?
View 1 Replies View RelatedOne of the schools whose networks I administer has a peer to peer network running about 30 xp machines. DHCP is achieved and DNS settings distributed via a basic Linksys router; is there any way of distributing proxy server address and port short of entering manually in LAN settings of IE on every terminal - there is no budget to install a server.
View 4 Replies View Relatedi just set up my 2Xp pc's and one windows7 laptop peer to peer for file and printer sharing but i can not configure internet connection for those pc's
View 2 Replies View Relatedi want to set up my two computers /win xp/ installed using peer to peer network , just tell me the needed steps
View 2 Replies View RelatedIs there any way to configure a wired guest network with a combination of 5508 and 2504 wireless controllers? I am aware that the 2504 does not have wired guest functionality, however is it possible to set up a wired guest on the 5508 and using mobility anchors, transmit the l2 information through eoip to communicate with the remote vlan?Home built NAC solution, using 802.1x authentication on switchports for public areas. If user is an employee, communicates with the supplicant on their machine, and places them on an internal vlan.If user is a guest, user fails 802.1x check and is placed on a "guest" vlan with an ACL and external DNS.If placed on the guest vlan, the user has to accept a terms of use form.This is working currently with our 5508s without any issue, however we have some remote offices we'd like to roll this out to that are using 2504 controllers. I'm hoping there's a way that I can use the 5508 as an anchor or vice versa to make this work.
View 1 Replies View RelatedWLC 5508 running 7.0.98.0
Site was running fine until the WLC had a hardware failure.
A new WLC was shipped out, was running 6.0.99 then manually upgraded to 7.0.98. Clients cannot authenticatewith recurrent logs messages like this.
*dot1xMsgTask: Feb 23 17:05:03.648: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:2914 Max EAP identity request retries (3) exceeded for client 00:21:5c:<snip>*spamApTask0: Feb 23 17:05:01.926: %DTLS-3-HANDSHAKE_FAILURE: openssl_dtls.c:629 Failed to complete DTLS handshake with peer 192.168.214.91
I have tried changing the key on the radius server to no avail.
What's the least expensive way to enable Guest Network authentication in a network with WLC 4404 controllers and no WCS? Management would like guests to register with a valid email address and enter a 'password du jour' to keep unauthenticated users from chewing up bandwith with automatic connections.
View 4 Replies View RelatedWhat is difference between Peer to Peer network and point to point network???
View 5 Replies View RelatedAny problems with the guest network on the ea4500 with the cloud firmware? I am losing guest clients after about 24 hours and the re-authentication fails. you enter the guest password and nothing happens until you reboot the router.
View 2 Replies View RelatedWe currently tunnel guests to a 4402 that sits behind our firewall and it's been working well for a few years but I am aware that the 4402 is now EoL so I am exploring alternatives:
We also have several 5508s deployed and I'm wondering if - in any new guest access config - I can allocate one of its free h/w ports to connect to the firewall, even though the 5508 is configured to use LAG.
To put it another way can I configure a new port to a seperate VLAN and not be part of the the LAG'd ports or are you tied to having all ports acting as a group if LAG is switched on?
Is it possible to provide wireless guest access over the WAN from another office via the WLC. I have WLC 5508 in a central office and have other remote offices that have one Access Point in each office that are autonomous; I will be converting these to LWAPP. Is it possible to route guest traffic back to the WLC then forward this traffic out to the internet? How would I route this traffic out as well? install a secondary WLC in the DMZ and use anchor points. I only have one WLC
View 7 Replies View Related, I have a requirement by a customer that they will want to monitor the guest wireless access. Currently, we are proposing a Cisco Wireless Controller 5508 together with APs and the setup would be a dedicated VLAN for guest. I am wondering if Cisco ISE together with Cisco MSE would be sufficient?
Stuff to monitor and log are:
1. Guest username (I guess this would be self sponsored)
2. Company name
3. Websites accessed
4. Time, date and duration.
5. Logs are to be kept for 3 months at least.
Strange issue that our support staff is seeing on our guest WLAN. I have 2 wlans, 1 is production and authenticates our Domain controllers, this is working fine. The other is a wlan that has restricted access internally, I allow http, https and VPN access out only.
It appears that on the guest wlan, after random amount of time an established VPN connection using Cisco VPN client disconnects. Wireless connectivity doesnt appear to go down, just the vpn connection.
On this guest wlan, I have configured QOS bronze and I read a link where this may be affecting the UDP conversation between VPN client and end point.
I'm looking to implement guest WiFi access with web authentication on one of our 5508 WLC (currently deployed within a sandbox environment), but looking for some assistance. The WLC currently has a single connection from port 1 to the 'Test Site 2' switch. This is a dot1q trunk. On the WLC, the interface (for port 1) is configured as follows: [code] Currently, I have one WLAN configured with the profile name 'Guest Test 1', it's enabled and broadcasting the SSID. Security is L3 only with web authentication configured. The WLAN is configured to use the interface names "guest_wifi".
The issue is that when a client connects to the WLAN, it receives an IP address okay (10.99.254.x address), but doesn't seem to be able to contact the WLC to get the web authentication page. Eventually, the WLC terminates the connection due to an authentication failure.does it sound like I'm taking the correct approach here? The idea is that clients connect to the guest WLAN, which puts them on VLAN 99 and routes traffic through to the ASA and then onto the internet.
could i create new guest accounts via CLI? i know that via GUI with lobby embassador account i can create them. I have WLC 5508 (7.0.116).
View 7 Replies View RelatedI have the following
WCS: Version 7.0.164.3 and WLC 5508 Software Version7.0.116.0 And cannot import it. I have 2 more WLC 5508 (same version) already imported in WCS with no issue. Have run debug on the DMZ WLC and can see the snmp request coming through when I try to import it. Firewall rules are fine, ran a tcpdump and the WLC returns snmp values back. snmp credentials and routing is fine, can ping both in both ways.
Always comes up with the following error.
IP Address TypeStatus 203.14.70.91Failed to add device to WCS Reason: Object not found in device
Why do need Cisco NAC guest server when we have WLC 5508 already configured. The Guest user access can be given by the WLC itself too. We can create users in WLC also and grant access to the user to access internet for specific time frame. My query is - what is so different in Cisco NGS that it is considered good in terms of Guest users access. What are the advatages of NGS.
View 4 Replies View RelatedI working with guest accounts on a WLC 5508.if there is possibilty to print out the account information directly from the controller. If possible how to print out this accounts ?
View 3 Replies View RelatedWhere do you turn this option off? i have looked under security and did not see any thing.
View 1 Replies View RelatedI have a requirement to set up a guest SSID for contractor so that they can use the internet while in the office.
Security say that all traffic on this SSID should be isolated and directed straight to the firewall, with no chance of contamination into the company network infrastructure.
With the 5508, my understanding is using the setting up a guest account functionality built in will achieve this, but all traffic would end up at the wireless controller. How do I then put a direct forward for all traffic to the firewall which will only affect the guest traffic?
I have set up a Guest Portal with WLC 5508 7.4 and ISE 1.1.1 ;everything is OK, except one thing: the Guest VLAN, associated to the Guest SSID is, actually, a DMZ behind my customer firewall and the DHCP parameters provided to the wireless Guest equipement connected on this VLAN include the public ISP DNS servers addresses, not the customer internal DNS serveurs addresses;this seems OK since the idea of this Guest SSID is to give a pure Internet access to the Guests, and no connection at all towards the customer internal servers;
the problem is that, when the wireless guest receives the redictect URL from ISE (URL to access the ISE Guest Portal), this URL is based on the ISE DNS name, not on its IP address; so, the PC can't resolve this internal DNS name by using the ISP DNS servers addresses provided by the DHCP server, and, so, it can't access the Guest Portal at all ;Apart from changing those DNS values in the DHCP server (the customer does not accept this solution), how could we solve this problem ?I have tried to code manually , in the CWA Authorization profile, the equivalent URL redirect via the CISCO av-pair as follows : [code] but, it does not work, since the sessionIdValue variable is not replaced by its real value when sent to the wireless client
I just got a new requirement for our wireless roll out and I need some help. Plan the best way to provide employee and guests wireless access w/ the guests separate from the production environment.
We have a 5508 controller w/ 1142 APs. I have two GBICs in the interfaces (only one is being used). I want to use a back haul connection for the guest access. I am having a hard time in visioning how to physically set up the cabling from the patch panel. Again, the requirement is to not allow guest users to connect to our production network but I still want/need to manage the AP. This will eventually need to be supported for remote sites tunneling back to the primary location.
We are implementing a new corporate headquarters and have bought a Cisco 5508. I have two connections plugged into the 5508 in ports 1 and port 2. Port 1 is for all internally wireless networks and connects to our core 6500 and use an external DHCP server scopes. Port 2 is for our guest WLAN and connects directly to a public network switch in front of (outside) the firewall. For the guest network, I have setup a vlan on the controller for dhcp and the interface setup to that vlan and dhcp scope built on the controller. how or can I NAT the internally addressing for the guest network to the public IP address on the controller. Essentially I want to drop of guest network traffic outside the firewall and not have to deal with setting up the firewall for any aspect of guest network traffic.
View 1 Replies View RelatedI am running a 5508 WLC with 10 Access Point. we need to allow Internet Access to Guest. 10MB DSL Internet is dedicated for Guest. This link is terminated on a regular ADSL modem without being part of our network. We want all Guest Internet traffic to reach the ADSL Router. where should I create the Guest VLAN / where the DHCP for Guest users should be created. what is the best practise for similar setup.
Our Network is simple
ISP_Reuter-------ASA_Firewall--------------4505------------LAN-switch 2950
ADSL_modem------------ users connect via wireless but restricted to certain area only.
Could I setup wired guest Internet connection without layer 3 web authentication and how?I want guest users access Internet without going through web authentication.
View 2 Replies View Related