11-29-2011 09:33 AM - edited 07-03-2021 09:08 PM
Looking to create a guest access WLan so that Vendors can have internet access along with vpn into their own network while disallowing access to our internal systems.
I have created a Guest WLan and configured it on the WLC side. I think all I have to do now is to configure the core switch with athe New 99 Vlan along with configuring the trunk ports connected to the WLC's.
My question is, am I missing anything in the setup? and are there any "best practices" wen it comes to Guest access? I am hoping to use web-passthru authentication. I dont believe this requires any AAA or Radius servers which we dont have set up. I will probably just want a single "guest" account which will provide internet access without allowing access to the internal lan. Am I on the right track here?
Solved! Go to Solution.
12-09-2011 07:07 AM
Can you attach the show run-config
Sent from my iPhone
12-09-2011 07:15 AM
12-09-2011 07:21 AM
Could it be that the guest vlan is vlan 1?
12-09-2011 07:29 AM
Let me look at your config first.
12-09-2011 07:33 AM
Doesn't have the info I'm looking for. Can you download and use Putty.
12-09-2011 07:50 AM
12-09-2011 08:01 AM
Let me know if you need the corp WLC config, I'd rather email you directly with that if possible dont want to post that much info here.
12-09-2011 08:03 AM
If you can email me both that would be great… It’s easier to see what needs to be changed.
12-09-2011 08:09 AM
tried to send a pvt msg but no place to attach files
12-09-2011 08:10 AM
Send it to scott.fella@cdw.com
12-09-2011 02:19 PM
OK after a long few weeks, I think I finally got mt Guest access working thats to alot of help from Scott. A few things that I learned along the way are as follow:
1. Dont enable H-Reap in your Guest WLAN
2. Make sure your Firewall allows 80, 443, NAT as well as Ether IP (protocol 97)
3. Ether Tunnel can be tested with Mping and Eping between Controllers
4. Make sure your Mobility Anchors are set correctly
5. Make sure H-Reap and WLC connected switchports are configured as Trunks
6. Make sure all Guest WLAN settings are IDENTICALon all controllers (Some of this is probably obvious to many).
7. Be carefull when switching back and forth between WCS and the WLC interfaces, make sure you audit often.
8. Make sure to set up etherchannel correctly on the connecting WLC switchports when using LAG
9. Dont check "DHCP required" on Guest WLAN. (Works on other WLANS).
10. When all else fails.....consult this site!!!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide