11-10-2014 02:23 AM - edited 07-05-2021 01:54 AM
Hi everybody!
I have a 4402 WLC and Cisco Aironet 1000 series APs. I would like to use the internal DHCP server to cater to guest users. The guest_vlan interface is configured as follows:
1. Interface name: guest_vlan
2. VLAN Identifier: 40
3. IP Address: 192.168.1.1; Netmask: 255.255.255.0; Gateway: 192.168.1.1
4. DHCP Server: 192.168.200.9---which is the management interface IP address.
The guest scope is configured as follows:
1. Scope name: Guest Scope
2. Pool Start Address: 192.168.1.2; Pool End Address: 192.168.1.254; Network: 192.168.1.0; Netmask: 255.255.255.0;
3. Default Routers: 192.168.1.1
4. No IPs were entered at the DNS and Netbios Name Servers.
My management interface is configured as follows:
1. VLAN Identifier: 0 ---which is the default setting.
2. IP address: 192.168.200.9; Netmask: 255.255.252.0; Gateway: 192.168.200.1
3. DHCP server: 192.168.200.11 ---which is our external DHCP server that caters to the corporate network.
I have configured a guest WLAN that is pointed to the guest_vlan interface.
What happens is, the guest user obtains an IP address from the internal DHCP server. However, IT CANNOT ACCESS THE INTERNET.
What I want to configure is that:
1. The guest user will obtain its IP address from the Internal DHCP server.
2. After obtaining an IP address, the guest user will be prompted to log in with its user credentials.
3. The guest user can access the internet.
Kindly help me on this.
Many thanks and God bless.
11-10-2014 08:01 AM
Greetings!
Can you please post the following to further review?
show wlan <id>
show dhcp detailed <scopename>
show interface detailed guest_vlan
Thanks
11-10-2014 04:54 PM
Hi TJ McClintic,
Thank you for the reply.
Here are your queries:
1. show wlan <id>
WLAN Identifier.................................. 4
Profile Name..................................... OSG_Cisco_Guest
Network Name (SSID).............................. OSG_Guest
Status........................................... Enabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
Interface........................................ guest_vlan
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Bronze (background)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
--More-- or (q)uit
IPv6 Support..................................... Disabled
Radio Policy..................................... All
Local EAP Authentication......................... Disabled
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Enabled
WPA (SSN IE)............................... Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
WPA2 (RSN IE).............................. Enabled
TKIP Cipher............................. Enabled
AES Cipher.............................. Disabled
Auth Key Management
802.1x.................................. Disabled
PSK..................................... Enabled
CCKM.................................... Disabled
CKIP ......................................... Disabled
IP Security................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
--More-- or (q)uit
Web-Passthrough............................... Disabled
Conditional Web Redirect...................... Disabled
Auto Anchor................................... Disabled
Cranite Passthru.............................. Disabled
Fortress Passthru............................. Disabled
H-REAP Local Switching........................ Disabled
Infrastructure MFP protection................. Enabled (Global Infrastructure MFP Disabled)
Client MFP.................................... Optional
Tkip MIC Countermeasure Hold-down Timer....... 60
Mobility Anchor List
WLAN ID IP Address Status
2. show dhcp detailed <scopename>
Scope: OSG_Guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.1.3
Pool End......................................... 192.168.1.254
Network.......................................... 192.168.1.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.1.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
3. show interface detailed guest_vlan
Interface Name................................... guest_vlan
MAC Address...................................... 00:1b:53:63:62:a3
IP Address....................................... 192.168.1.2
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.1.1
VLAN............................................. 40
Quarantine-vlan.................................. no
Active Physical Port............................. 1
Primary Physical Port............................ 1
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 192.168.200.9
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
11-10-2014 05:13 PM
The wireless devices are able to obtain IP addresses. However, they cannot connect to the internet.
What I want to implement is that:
Thanks.
11-10-2014 08:24 PM
Hi,
You are getting the IP address without any issue, correct?
For other issues:
> You can implement a guest web authentication page by configuring Layer 3 security on the guest SSID. The database to authenticate against can be the local controller or an external RADIUS server.
> The guest user can access the internet. To start with, your client should be in the RUN state before you start anything. Is this guest VLAN able to ping the gateway, which might be on the connected Layer 3 switch? If yes, then try to ping some IP address of a site like google.com. If that is also happening, then see if the client has a DNS server to resolve the URLs.
> Bandwidth contracts can be defined under Wireless > QOS > Roles and then applied to users defined in the local database, or returned as a RADIUS attribute if you are using RADIUS.
Regards
Dhiresh
**Please rate helpful posts**
11-10-2014 09:26 PM
Hi Dhiresh,
Thanks for your comment.
Yes, the guest user can obtain an IP address. However, it was not able to connect to the internet. I have no idea where particularly is the problem.
I have posted below my configurations as requested by JC.
Thanks.
11-10-2014 09:31 PM
Hi,
Again: "To start with, your client should be in the RUN state before you start anything. Is this guest VLAN able to ping the gateway, which might be on the connected Layer 3 switch? If yes, then try to ping some IP address of a site like google.com. If that is also happening, then see if the client has a DNS server to resolve the URLs."
I don't think you have a DNS server. Then how would you go to the Internet without typing the public IP address? To check, go to the command prompt of the laptop:
C:\>nslookup
Default Server: dns-blr2.ABC.com
Address: 72.163.128.140
Are you able to get the DNS server IP like this?
Regards
Dhiresh
**Please rate helpful posts**
11-10-2014 10:15 PM
Hi,
Here is the config at my guest scope:
show dhcp detailed <scopename>
Scope: OSG_Guest
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.1.3
Pool End......................................... 192.168.1.254
Network.......................................... 192.168.1.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.1.1 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 192.168.200.17 192.168.200.27 192.168.200.16
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Our router is at 192.168.200.1. I tried to supply it at the "Default Routers" section but I get this error: "Error in setting DHCP Scope Status - Network conflicts with Default Routers".
Management IP is 192.168.200.9/22
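The scope checks discussed in this thread, as an added example that is not part of any post or of Cisco's tooling: a Python audit of pasted `show dhcp detailed` output that flags a default router outside the scope's network, a router inside the lease pool, and a scope that hands out no DNS server. It assumes the "Network conflicts with Default Routers" error comes from the router lying outside the scope network and that `0.0.0.0` marks an unset slot; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the scope output posted in the thread before DNS was set.
SCOPE_NO_DNS = """\
Scope: OSG_Guest
Enabled.......................................... Yes
Pool Start....................................... 192.168.1.3
Pool End......................................... 192.168.1.254
Network.......................................... 192.168.1.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.1.1 0.0.0.0 0.0.0.0
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
"""

def parse_scope(text):
    """Turn 'Key....... value' lines into a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\.{2,}\s*(.*)$", line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def _addrs(value):
    """Return configured addresses, skipping the 0.0.0.0 'unset' slots (assumption)."""
    return [ipaddress.ip_address(a) for a in value.split() if a != "0.0.0.0"]

def audit_scope(fields):
    """Return a list of findings that would leave guest clients without connectivity."""
    findings = []
    net = ipaddress.ip_network(f"{fields['Network']}/{fields['Netmask']}")
    routers = _addrs(fields.get("Default Routers", ""))
    start, end = (ipaddress.ip_address(fields[k]) for k in ("Pool Start", "Pool End"))
    if not routers:
        findings.append("no default router handed to clients")
    for r in routers:
        if r not in net:
            findings.append(f"default router {r} is outside scope network {net}")
        elif start <= r <= end:
            findings.append(f"default router {r} is inside the lease pool")
    if not _addrs(fields.get("DNS", "")):
        findings.append("no DNS server handed to clients")
    return findings

if __name__ == "__main__":
    print(audit_scope(parse_scope(SCOPE_NO_DNS)))
```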