Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1251
Views
0
Helpful
7
Replies

891W Guest Vlan WIFI unable to access internet

paul.sheehan
Level 1
Level 1

‎04-09-2013 04:01 PM - edited ‎07-03-2021 11:53 PM

Has anyone had an issue creating a guest vlan to use the WIFI on an 891W router? The IOS is version 15.1.  I have created discreet Vlan's and setup subinterfaces on both the WLAN_AP0 and GigaEthernet 0 interfaces with dot1q encapsulation. The client will receive an IP from the pool but cannot ping or connect beyond the default gateway.

The external interface is using Nat overload and all wired clients are successful in connecting to outside addresses. I have insert a permit any statement in the acl which affects the external port but still no success.

Ideas?

Labels:
0 Helpful
7 Replies 7

Stephen Rodriguez
Cisco Employee
Cisco Employee

‎04-09-2013 06:11 PM

Did you set ip NAT inside on the guest interface?

Can you share the router side config?

Steve

Sent from Cisco Technical Support iPhone App

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

paul.sheehan
Level 1
Level 1
In response to Stephen Rodriguez

‎04-10-2013 05:04 AM

Hi Stephen;

Thanks for your reply.

I will recheck the ip nat inside for this wlan interface today when onsite. I assume it will need to be applied to both 2.4 and 5 GHz radios as it is unknown what device the guests would attach?

Since the corp users need to exit the gigaEth interface too this interface has an IP set on it to allow NAT overload outside. Will this impede the subinterfaces on that physical in any way?

0 Helpful

paul.sheehan
Level 1
Level 1
In response to Stephen Rodriguez

‎04-10-2013 10:20 AM

Hi Stephen;

Here is the last config. Thanks for all the advice.

15358151-RunningConfig_192.168.1.2.txt.zip
0 Helpful

Abhishek Abhishek
Cisco Employee
Cisco Employee

‎04-10-2013 04:19 AM

Hello Paul,

As per your issue of not able to create a guest vlan to use WIFI.I can suggest you the following solution-

Make sure that the trunk has been established between the interfaces. And moreover on the access-list you are configuring you must be specific in permitting the users from the guest user. Make sure the access-list is applied on the proper interface and in the correct direction.

Hope this might work.

0 Helpful

paul.sheehan
Level 1
Level 1
In response to Abhishek Abhishek

‎04-10-2013 05:01 AM

Hi Abhishek.

Thanks for your reply.

The outside interface has no outbound ACL but one inbound. This ACL had a temporary permit any any applied for testing with no success. However it had a permit for the guest network prior as well.

Both the guest VLan and the physical gigaEthernet interface are configured as subinterfaces with the same VLan tag established. The same SSID and Vlan ID were placed on both of the 2.4 & 5 GHz radios.

0 Helpful

Stephen Rodriguez
Cisco Employee
Cisco Employee
In response to paul.sheehan

‎04-10-2013 10:37 AM

router side, interface vlan 17, you need to add ip nat inside.

for your nat acl/route-map, either add the 192.168.7.0 pemit statement to ACL 103, or add a second entry to the RMAP_1 with acl 104 allowed.  Personally I would just add the 192.168.7.0 statement to acl 103.

test that and let me know if they can get interwebz access

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

paul.sheehan
Level 1
Level 1
In response to Stephen Rodriguez

‎04-11-2013 05:43 AM

Stephen;

We applied the nat and acl as suggested but with no success. The client has also stated he cannot receive an IP from the pool. When creating the pool do you need to define for both 2.4 and 5 GHz radios?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top