02-13-2017 11:01 AM - edited 03-11-2019 12:27 AM
Enabling "VLAN DHCP Release" options will it help in resolving the issue
Regards
Laxmi
02-13-2017 01:39 PM
Hello Laxmi-
Here are my comments/suggestions:
1. If you are using CWA (Central Web Authentication) or LWA (Local Web Authentication), then the guest clients must have an IP address so they can browse to the guest portal
2. If possible, increase the IP pool for the guest users
3. Decrease the lease time for the IPs on the guest pool, thus reducing the amount of time a guest holds onto an IP address
4. You can create two DHCP pools/networks that are dedicated for pre and post authenticated users. For instance:
- Unauthenticated Guests: VLAN:10 with DHCP pool: 192.168.10.0/24
- Authenticated Guests: VLAN:20 with DHCP pool: 192.168.20.0/24
I hope this helps!
Thank you for rating helpful posts!
02-13-2017 11:12 PM
02-14-2017 11:26 AM
I don't have specific documentation but it is essentially a VLAN override. The guest users will start in VLAN 10 and after they are successfully authenticated then ISE will push a different VLAN where the authenticated guest users will be placed.
Now, you are correct, VLAN 10 can still be depleted with the issue that you described. So I think the only options that we have left are:
1. Make the IP pool even bigger. I know you have already done this but perhaps you can add even more
2. Separate the guest networks so each site gets their own guest subnet/VLAN
3. Play with the timers inside your WLC. You can look to decrease the "idle" and the "session timeout" timers and see if that helps.
Thank you for rating helpful posts!
02-20-2017 12:42 AM
Thanks Neno... :)
will see how it goes
Regards
Laxmi K
02-20-2017 08:44 AM
Sounds like a plan! Please keep us posted!
Thank you for rating helpful posts!
02-20-2017 09:01 AM
Hi,
i haven't changed any timers on WLC,just decreased the DHCP lease from 1 day to 6:00 hrs and I already have /22 network pool.
will observe for few days and post you with the results.
Thanks!!
02-20-2017 09:09 AM
Hello Neno,
Can you look on to below link, if you can suggest anything on.
https://supportforums.cisco.com/discussion/13229631/cisco-ise-20-error-unable-send-sms
Thanks.,,Laxmi
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide