Guest SSID redirect to Nomadix box

MICHAEL BURNS · ‎09-10-2012

On our corporate WLAN we are using 802.1x, but we would like to redirect our guest traffic to a Nomadix box for the ULA acceptance. I have set up a guest SSID and have configured it to redirect to the box, but when you try to browse when connected to the guest SSID, it flaps between being redirected to the Nomadix box (10.1.101.2) and 1.1.1.1. Below is a screenshot of the WLC config.

George Stefanick · ‎09-10-2012

Hi

When you use a guest box you don't want to use any of the guest features like redirect in the wlc because your nomad box is going to handle this.

You want a open network and direct your dynamic interface gateway address to the ip address of your nomad box.

Any traffic generated off subnet goes to the default gateway which is the nomad. Nomad present the screen and once accepted allows the traffic to pass.

Again going off memory will confirm tomorrow for you .. Just thinking out loud ...

Sent from Cisco Technical Support iPhone App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

cminnick · ‎09-11-2012

We have the same setup,. uncheck the Web polcy and use the default nomadix ip as the gateway. Thanks George for the heads up on this issue. Glad to provide any info needed to assist

MICHAEL BURNS · ‎09-11-2012

Perfect. Just to clarify though, I would change the default gateway on the interface on the WLC correct? Or do I need to change the gateway supplied by DHCP to the clients?

George Stefanick · ‎09-11-2012

Correct, just the dynamic interface GW on the WLC. So as traffic comes into the WLC it is then sent directly to the nomad box. Clients you leave alone, they will still point at the router gw.

If this works for ya, please remeember to mark the question as anwsered. It will help others find it quickly if they have the same issue.

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

George Stefanick · ‎09-11-2012

Criag,

Thanks for stopping by. It was a bit ago that we set up that box...

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

MICHAEL BURNS · ‎09-11-2012

Great! I'll have a window later this week. I'll update how it went.

Thanks!

MICHAEL BURNS · ‎09-13-2012

So, in order to set up the Nomadix as the gateway on the guest wireless interface, the Nomadix has to be on the same subnet at the guest wireless. Now my question is how to cable the Nomadix box. It has the 2 ports (WAN/LAN). I could change the ip to be on the guest network, but would I then put both ports in that Vlan on the switch?? Doesn't seem right to me.

The recommended setup is to have it between the switch and external router, but then I don't want that uplink to be on the guest wireless subnet....

George Stefanick · ‎09-13-2012

Going off memory here.

We had 1 cable from the WLC plugged into the NOMAD LAN port (Layer 2). Then from the NOMAD WAN we plugged this into a swiitch in the DMZ and out.

WLC----NOMAD-----DMZ

I dont recall if the WAN was on a differernt subnet. I suspect it will need to be unless the NOMAD does routing. I dont recall. What does your manual say ?

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________