Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1355
Views
0
Helpful
1
Replies

Guest wifi using WLC 3504

donnie
Level 1
Level 1

‎08-17-2019 06:37 AM - edited ‎07-05-2021 10:52 AM

Hi all,

 

I am using WLC 3504 and i have created a open ssid that require web auth. I have also enabled a lobby admin account on my WLC to create accounts for guests to connect to this ssid. The default ip of the interface of this ssid is 1.1.1.1. For guests using IE, they are able to authenticate via login page to connect to this ssid though they will see untrusted cert message (this is expected). However chrome will not be able to access the login page. When i try to change the ip of the interface for this ssid, the web auth login page would not be accessible, i need to revert the ip of the interface to 1.1.1.1 for the web auth login page to be accessible via IE. I notice the cert for web auth is meant for 1.1.1.1. If i intend to change the ip address of the interface for this ssid to 192.168.1.1, does it mean i need to regenerate the cert and indicate the CN as 192.168.1.1? I understand that the ip address assigned to this ssid (for web auth) must not be routable within my network. Please advise. TIA!

Labels:
0 Helpful
1 Reply 1

Rasika Nayanajith
VIP
VIP

‎08-18-2019 02:41 AM

Since 1.1.1.1 is now routable IP address over internet, you should not use it as virtual IP address of your WLC. Regarding webauth cert, yes you have to regenerate using new virtual ip address.

------

The Virtual IP address for the WLC must be configured as a non-routable IP address. You must ensure it does not overlap with the network infrastructure. The address can be configured to use an IP address from the internal allocated networks. Defined on  RFC1918

The available subnets are: 

 The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

     10.0.0.0        -   10.255.255.255  (10/8 prefix)
     172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
     192.168.0.0     -   192.168.255.255 (192.168/16 prefix)

Or RFC5737 

The available subnets are:

The blocks 192.0.2.0/24 (TEST-NET-1), 198.51.100.0/24 (TEST-NET-2), 
and 203.0.113.0/24 (TEST-NET-3) are provided for use in documentation.

-------

Refer below

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213535-wlc-virtual-ip-address-1-1-1-1.html

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card