02-21-2013 11:00 AM - edited 07-03-2021 11:35 PM
Hi,
We have a 5508 WLC at our main site, with an 1141 AP at a remote site that is connected to the main site via an MPLS network. The AP is configured to use FlexConnect mode.
I have a guest WLAN configured with the following key attributes:
Guest access works fine... However, I also need to provide access to the corporate network (at the remote site). I've created a WLAN for corp access, and added it to the AP group which contains the guest WLAN.
Whilst guest access works fine and I can see the SSID for corp access, corp clients don't get an IP address from the local sites DHCP server (I've tried with and without DHCP override on the corp WLAN)... they just get an APIPA address (169.254.x.x).
If I remove the guest WLAN from the AP group, then corp access works fine (without DHCP override), and clients receive an IP address from the remote sites DHCP server.
I've also tried with the AP in LOCAL mode... but have the same issue.
Please help... this is driving me crazy!
Thanks in advance.
Tony
02-21-2013 12:43 PM
Well the question is, where is the guest getting their ip address from, local site or the central site? Is the guest being tunneled back to the WLC or not. If you want to add a Corp SSID and you want to place traffic local at that site, you need to do the following:
That should do it.
Here is a link that explains FlexConnect and what you need to do.
https://supportforums.cisco.com/docs/DOC-24082
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
02-21-2013 01:01 PM
Hi Scott,
Thanks (again) for your help.
Guest users are tunnelled back to the WLC, where they also get their IP address from. The interface has an access list configured, so that guests have no access to the corp network, only Internet addresses. Although FlexConnect is configured on the AP, it's disabled for the guest WLAN, and enabled for the corp WLAN as I do need corp users to be locally switched.
As per your advice, I'll look into configuring the native VLAN / WLAN to VLAN mapping and IP helper, and get back to you.
Thanks again for your help.
Tony
Sent from Cisco Technical Support iPhone App
02-21-2013 07:08 PM
Is Local Auth checked for FlexConnect?
If so uncheck and verify.
John R
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide