
Any Best Practices for Guest Access?

rlaudicina
Level 1

Looking to create a guest access WLAN so that vendors can have internet access along with VPN into their own network while disallowing access to our internal systems.

I have created a Guest WLAN and configured it on the WLC side. I think all I have to do now is to configure the core switch with the new 99 VLAN along with configuring the trunk ports connected to the WLCs.

My question is, am I missing anything in the setup? And are there any "best practices" when it comes to Guest access? I am hoping to use web-passthru authentication. I don't believe this requires any AAA or RADIUS servers, which we don't have set up. I will probably just want a single "guest" account which will provide internet access without allowing access to the internal LAN. Am I on the right track here?


Can you attach the show run-config

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

I can only get so much from telnet, but here are some of them

Could it be that the guest vlan is vlan 1?

Let me look at your config first.

-Scott
*** Please rate helpful posts ***

Doesn't have the info I'm looking for. Can you download and use PuTTY?

-Scott
*** Please rate helpful posts ***

Guest WLC

Let me know if you need the corp WLC config. I'd rather email you directly with that if possible, don't want to post that much info here.

If you can email me both that would be great… It’s easier to see what needs to be changed.

-Scott
*** Please rate helpful posts ***

tried to send a pvt msg but no place to attach files

Send it to scott.fella@cdw.com

-Scott
*** Please rate helpful posts ***

OK, after a long few weeks, I think I finally got my Guest access working thanks to a lot of help from Scott. A few things that I learned along the way are as follows:

1. Don't enable H-Reap in your Guest WLAN

2. Make sure your Firewall allows 80, 443, NAT as well as Ether IP (protocol 97)

3. Ether Tunnel can be tested with Mping and Eping between Controllers

4. Make sure your Mobility Anchors are set correctly

5. Make sure H-Reap and WLC connected switchports are configured as Trunks

6. Make sure all Guest WLAN settings are IDENTICAL on all controllers (Some of this is probably obvious to many).

7. Be careful when switching back and forth between WCS and the WLC interfaces, make sure you audit often.

8. Make sure to set up etherchannel correctly on the connecting WLC switchports when using LAG

9. Don't check "DHCP required" on Guest WLAN. (Works on other WLANs).

10. When all else fails.....consult this site!!!!!
