09-30-2012 11:14 AM - edited 07-03-2021 10:44 PM
Hello, my name is Ivan.
I have a WLC 5508 with a base license for 50 APs, and I use a FlexConnect deployment. I have already registered all my access points. I use web authentication to authenticate guest users, and the DHCP service is at the central site.
My issue is that the users at each remote site cannot get an IP address by DHCP from the central site. They can authenticate on the guest SSID, but none of the users can get an IP.
The request passes over the WAN in this way:
Central Site DHCP - Router WAN - Remote Site - Users with notebooks. I use FlexConnect central deployment (all the traffic goes to the WLC).
Perhaps I should use local deployment? The WLC is at the central site.
Can you help me resolve this issue, please? Perhaps any advice?
Regards,
Ivan

10-02-2012 11:20 AM
A network diagram would help make it clearer what you want to achieve. What is your set up?
1. Is the WLC solely for guest access, with the APs only broadcasting the guest SSID? Or
2. Are there 2 WLCs, with one acting as the anchor for guest users?
You can configure a different dynamic interface, with its own VLAN ID, for each site, and the external DHCP IP address is specified on each dynamic interface. Also, the DHCP server has to be reachable from the WLC. You can ping the DHCP servers from the WLC to confirm reachability.
10-02-2012 02:45 PM
Thanks, Osita.
I have:
One WLC at the central site
A DHCP server at the central site; it can send IP addresses to all the customers in the remote sites
3 SSIDs:
Corporative with 802.1X PEAP
Directors with WPA PSK with MAC filtering
Guest with Web Authentication
At each remote site I have a WAN router; it can work as a DHCP server for all the customers
Each remote site has the same network: 192.168.1.0/24 in the same VLAN ID 30
My issue is:
Should I deploy central authentication with central switching or local switching?
If I configure central switching, I should configure dynamic interfaces for each remote site, but the network and VLAN ID are the same at each remote site.
How can I do it? I think that central authentication with local switching can work very well in my scenario.
What's your opinion?
Regards
Ivan

10-03-2012 03:30 AM
Hi
It's not best practice to have both your corporate clients and guests anchored on the same WLC. However, for your scenario, I would suggest the following:
1. Disable LAG on the WLC if it exists.
2. Create a dynamic VLAN for guests and map it to a physical port on the controller. The WLC 5508 has 8 distribution ports, so there are enough.
3. Your corporate clients' SSID can be mapped to the management interface if you choose. The management interface takes the first port.
4. The dynamic interface for the guests must have the IP address of the external DHCP server specified.
5. If the WLC ports are connected to the same switch, you can create a pre-authentication ACL for guests to deny access to any corporate subnets and allow connection to only DNS, DHCP, and other necessary services.
6. Map the guest SSID to the dynamic interface VLAN.
