Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
15643
Views
78
Helpful
44
Replies

Ask the Experts: Wired Guest Access

ciscomoderator
Community Manager
Community Manager

‎01-13-2012 01:08 PM - edited ‎07-03-2021 09:22 PM

Sharath K.P.

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions on wired guest access with expert Sharath K.P. Wired guest access enables guest users to connect to the guest access network from a wired Ethernet connection designated and configured for guest access. Sharath K.P. is a Customer Support Engineer specialized in wireless and switching technologies at the Technical Assistance Center in Cisco Bangalore. He has been troubleshooting wireless and switching networks and management tools since 2009. Sharath has a bachelor's degree in Electrical Electronics Engineering from P.E.S College of Engineering (PESCE), VTU at Belgaum. India. He holds CCNP certifications in R&S and Wireless.

Remember to use the rating system to let Sharath know if you have received an adequate response. 

Sharath might not be able to answer each question due to the volume expected during this event.
Remember that you can continue the conversation on the Wireless and Mobility sub-community discussion forum shortly after the event. This event lasts
through January 27, 2012. Visit this forum often to view responses to your questions and the questions
of other community members.

Labels:
0 Helpful
44 Replies 44

Sharath Kattemane Prabhakar
Cisco Employee
Cisco Employee
In response to Daniel Anderson

‎01-20-2012 06:31 AM

Hi Daniel ,

Yes it very common pracitse to have redudant WLC's with exact similar config's present .

Now regarding  you query of having the guest vlan  trunked  to multiple local controllers ,without activating guest LAN . on secondary controllers  ,this should work fine .(checking the previouis issues and after lab tetsing ).

We have had issues when guest LAN was active at multiple WLC's ,where in sometimes clients dsassociate and sometimes have DHCP issues as well .

Let me know if you need further insight into the issue .

Pleasure discussin tech with you

Regards ,

Sharath K.P

0 Helpful

tdennehy
Level 1
Level 1
In response to Sharath Kattemane Prabhakar

‎01-20-2012 07:24 AM

That is the issue we are having. Each campus has two controllers with the same configs - with exception of the same dynamic ip addresses, of course. Guest wireless working fine, all other WLANs working fine. Primary controller handles all access points, secondary sits without any APs, waiting for primary to fail.

After we configured the wired guest solution on BOTH controllers (which are trunked to the same HSRP pair of core switches) we saw strange behavior on a few, but not all, of the wired guest users.

For instance, one campus has four wired guest users. Two of which appear to be working fine, however since they are guest kiosks, we don't really know for sure how well they work. The other two are in a library with constant use. The phones immediately started ringing because of these two machines.

The strange behavior we saw was mostly timeouts and deauths. The wired guest machine would work fine one day, and then the next it would require you to open a browser and login through the splash page over and over again. About every two or three minutes, or whenever you needed to go to the www. Almost as if the client was an 802.11 client and someone was sending you a deauth packet. Another thing we saw was time-outs to the gateway. I could set up a continuous ping to the gateway and it would randomly stop for about 90 seconds. Sometimes you would be required to log in again, sometimes not.

I thought at first it was the workstation image, so I booted to some Linux Live CDs and problem still existed. Replaced L1 items - patch cables, etc. Changed switchports, etc. Tried my laptop on the same ports, spoofing the MAC address of offending machines, still saw weird problems. We never did see DHCP issues, however. At least I didn't, anyway. During my troubleshooting, I had my laptop on the guest wireless sitting right next to the guest wired machines, and my laptop never had any issues like the guest wired machines.

Next step was I put two Linksys WUSB600N USB WLAN adapters on each machine, disabled the onboard gig card, and walked away. The machines have been fine ever since.

My next step is to find out the best way to disable the guest wired on the redundant controller, (but keep it configured) and develop a procedure for enabling it the day of a primary controller failure. But until then, the guest wired machines are going to stay wireless.

120971-winmail.dat.zip
0 Helpful

Sharath Kattemane Prabhakar
Cisco Employee
Cisco Employee
In response to tdennehy

‎01-23-2012 09:46 AM

Hi Tdennehy ,

Thanks for the detailed explanation ,Pleasure interacting with you

Is there a TAC case open on the issue mentioned above .

Currenlty are you in the testing phase ,I mean has the guest wired network been disabled on the WLC .If so please let me know the status . This should add to current work we  are doing in testing redundacny in wired guess networks .

Regarding 'procedure for enabling  guest wired network on the secondary WLC   the day of a primary controller failure' , I guess CSCtw44999   should answer all the question and documnet the various parameters that get broken  down .

Regards ,

Sharath K.P.


tdennehy
Level 1
Level 1
In response to Sharath Kattemane Prabhakar

‎01-23-2012 01:01 PM

SR 620223969

121146-winmail.dat.zip
0 Helpful

Sharath Kattemane Prabhakar
Cisco Employee
Cisco Employee
In response to tdennehy

‎01-19-2012 11:20 AM

Hi ,

Apologise for the confusion .

While  its a very comman practise  to have multiple foriegn WLC's ,offlate we have seen seem multiple issue's  reported TAC on the same .Hence the caveat has been open to test all possible breakdown with Wired guest access with multiple foriegn . We working on the same and update  you as soon as possible

But again the design you have mentioned is very commanly deployed and serving guest clients fine .

Regards ,

Sharath K.P.

tdennehy
Level 1
Level 1
In response to Sharath Kattemane Prabhakar

‎01-27-2012 05:59 AM

Sharath,

I created a network drawing showing you the way our deployment is configured.  This is really meant for everyone else reading this post, actually.

The way I understand it, the way we are configured below will not work because the guest wired solution is configured on both WLCs and of the edge switches are trunking all VLANs to the core, and the core is trunking the wired guest VLAN to both controllers.

We see strange behavior on the wired guest clients when configured like this.

Daniel Anderson
Level 1
Level 1
In response to tdennehy

‎01-27-2012 06:49 AM

Hi,

From my understanding during the course of these conversations, the scenario you have isn't recommended from a Guest Wired perspective. Going from the post from Sharath K.P. from the 18th Jan, Cisco have created Bug

CSCtw44999 for this issue.

In your scenario, the easiest solution is to leave all the switch and WLC trunking in place, but simply shutdown the Guest Wired network on your Secondary WLAN Controller, all requests will only be responsed to by the Primary Controller. In the event of a failure to this device, then you'd simply need to enable the Guest Wired network on the Secondary controller - having left all the trunking configuration in place - Guest wired connections would start to use this device.

Your example is similar to how we had out Guest Wired network configured initially, but we also had issues with client connections dropping etc. I simply disabled the Guest Wired network on 3 of our 4 controllers.

tdennehy
Level 1
Level 1
In response to Daniel Anderson

‎01-27-2012 07:28 AM

Daniel,

A picture is worth a thousand words in this case.  I too gather from the course of these conversations that our scenario is not supported/recommended when using the guest wired networking solution.

A lot of conversation has taken place here, and I am not sure how many people are following this thread.  I drew up the picture in hopes it would help everyone understand what scenario is not recommended.  From the docs it isn't quite clear what NOT to configure, and how.  The docs I have seen, anyway.  I skipped right over the 3750G part since I thought to myself, "we're not using that switch".

I sure hope the drawing is correct and that I got it right, and also hope it helps someone else!

-=Tim

Daniel Anderson
Level 1
Level 1
In response to tdennehy

‎01-27-2012 07:42 AM

It certainly is. Knowing this information would have saved me quite a lot of head scratching many months ago when trying to troubleshoot a similar scenario.

0 Helpful

Sharath Kattemane Prabhakar
Cisco Employee
Cisco Employee
In response to Daniel Anderson

‎01-28-2012 05:49 PM

Hi Daneil ,

Thanks for  the inputs in the discussion .

You are absolutely right in the above post .The easiest way get the network running  would be to disable the wired guest WLAN on the secondary controller .

Regards ,

Sharath K.P.

0 Helpful

Sharath Kattemane Prabhakar
Cisco Employee
Cisco Employee
In response to tdennehy

‎01-28-2012 05:46 PM

Hi Tdennehy ,

Thanks a lot for creating such a detailed diagram and explaining the depolyment scnearios .

You are absolutely right in you understanding that currently  we are not recommeding any redundancy  for wired guest access as we have been  notified of  inconsistencies when deploying the same .

We have opened CSCtw44999 for the same and will be working on that .

You can also subscribe to the bug ,by clicking on my notification and setting up a group for the same in our bug toolkit link .

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtw44999

Regards ,

Sharath K.P.

0 Helpful

jesstonybagasol
Level 1
Level 1

‎01-19-2012 05:28 PM

Hello sharath,

I have some problem with my configuration. I have two Vlan 10 and Vlan 20 with 4pc's. I want that student vlan connot ping Faculty Vlan, but Fuculty can ping Student Vlan.

Thank you

from:jess

0 Helpful

Sharath Kattemane Prabhakar
Cisco Employee
Cisco Employee
In response to jesstonybagasol

‎01-20-2012 06:34 AM

Hi Jess ,

I dont see any reference to Wired guest access in the diagram . Is it a WLC based deployment or is it regular  L2/L3 switching network .

Please provide me more details , I will answer your query .

Regards ,

Sharath K.P

0 Helpful

jesstonybagasol
Level 1
Level 1
In response to Sharath Kattemane Prabhakar

‎01-21-2012 07:10 AM

Okey, just give me and idea in how to make that, PC1 cannot ping PC2 but, PC2 can ping PC1 how to configure this type of network.

I want Student PC cannot ping Faculty PC. but, Faculty can ping Student Pc

thank you...hope your reply.

0 Helpful

ciscomoderator
Community Manager
Community Manager
In response to jesstonybagasol

‎01-23-2012 08:36 AM

Hello Jess,

Thank you for your participation on this Ask the Expert Event.  Since the topic Sharath is covering is on Wireless Guest Access, he  can't answer your question on VLANs, I recommend you to post your  question at the LAN,   Switching and Routing to get a better opportunity to get your  question answered.

Kindest Regards,

Cisco Moderator

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card