03-06-2010 10:02 PM - edited 07-03-2021 06:35 PM
Hi
Looking for input on the Guest VLAN subject.
How can I avoid routing of Guest VLAN traffic to the DATA VLAN? Any traffic from the Guest VLAN should be routed to the Internet directly.
Looking for a similar setup as in hotels, where guests are provided with a username/password with a time duration to access the internet and the download speed is limited.
Do I need to create another SSID on the WLC, and how will the guest users acquire an IP: from WLC DHCP or Windows DHCP?
If it's Windows DHCP, then Guest traffic reaches my Data VLAN.
Any help?
03-06-2010 10:48 PM
You need to have a separate SSID for guest. Now you could use one port on the WLC for guest and this port would be connected to a separate internet connection. If you only have one internet connection, then you will have to use ACLs (filters) to block guest traffic from your internal traffic. Depending on what equipment you have, there are various ways you can do this. Here are some links.
http://www.cisco.com/en/US/products/ps6366/products_qanda_item09186a00809ba482.shtml
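The single-Internet-connection case described in the reply above, sketched as an IOS ACL (an added example, not part of the original posts or the linked Cisco documents). It assumes the guest SSID is mapped to VLAN 50 and that a Layer 3 switch or router running IOS is that VLAN's gateway; all VLAN IDs, subnets, the DHCP server address and the ACL name are constructed.

```cisco
! Constructed values (assumptions, not from the thread):
!   guest VLAN 50  = 192.168.50.0/24, gateway 192.168.50.1
!   data  VLAN 10  = 192.168.10.0/24
!   Windows DHCP   = 192.168.10.5
ip access-list extended GUEST-IN
 remark DHCP discover/request broadcast from a client that has no address yet
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
 remark Unicast DHCP renewals, only to the one DHCP server, only UDP 68 -> 67
 permit udp 192.168.50.0 0.0.0.255 eq bootpc host 192.168.10.5 eq bootps
 remark Block every internal (RFC 1918) destination, including the data VLAN
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything else from real guest addresses goes to the Internet
 permit ip 192.168.50.0 0.0.0.255 any
 remark Spoofed or unexpected sources are dropped and logged
 deny   ip any any log
!
interface Vlan50
 description Guest WLAN gateway
 ip address 192.168.50.1 255.255.255.0
 ! Relay guest DHCP broadcasts to the Windows server in the data VLAN
 ip helper-address 192.168.10.5
 ! Filter guest traffic as it enters the gateway, before any routing decision
 ip access-group GUEST-IN in
```

With this in place the Windows DHCP server can still hand out guest leases, because the only guest-originated traffic allowed toward the data VLAN is DHCP to that one host; guests using an internal DNS server would need one more narrowly scoped permit above the deny lines.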
03-06-2010 11:19 PM
Thanks for replying.
We got WLC 4420
AP 1200 series ( 5 in quantity )
I am new to WLC, can you help me to understand
Any configuration sample link with one Internet connection having DATA and Guest VLAN using ACL to restrict the traffic?
03-07-2010 08:34 AM
We got WLC 4420 ----- Do you mean a 4402-xx
AP 1200 series ( 5 in quantity )
I am new to WLC, can you help me to understand
The APs and the code you might have will only support 8-16. You don't want to configure too many (best practice is around 4) because all the beacons that need to be sent might cause issues with certain devices. You can configure each SSID the same or different; it is up to you. Follow best practices on this.
You can create WLAN Override (depends on code - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml) to specify which APs will broadcast which SSIDs. This can be messy if you have gaps for roaming, unless that is not an issue.
You have different options:
All this depends on your current infrastructure and whether you plan on buying more equipment or using the existing.
You can use a NAC Guest Server... if you want to spend a lot of money. You can configure a Lobby Admin account on the WLC so that the secretary has only read/write to add guest accounts. This would be the same if you have WCS with a lobby admin account.
http://www.cisco.com/en/US/docs/wireless/wcs/4.2/configuration/guide/wcsmanag.html#wp1078208
You would need to use a 3rd party tool for this like ZoneCD or again you can use the NAC Guest Server.
http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns787/data_sheet_c78-456124.html
Any configuration sample link with one Internet connection having DATA and Guest VLAN using ACL to restrict the traffic.
I put some links above... hope this helps. Again, it will come down to your existing environment and how much more you want to spend. You also have to look at the time it might take to set up, whether the secretary will want to do this, etc. How I see guest access..... well.... they go out a separate internet pipe, so I don't really care about bandwidth. It's guests, so they would have to deal with that anywhere they go, even hotspots or even worse hotels :) Make it simple and make it work... then you can add to that later when you get more familiar with configuration and troubleshooting.
03-07-2010 11:19 PM
Thanks a ton.
03-08-2010 08:44 AM
No problem.