Re: Guest Wireless Network Setup

joshuamares01 · ‎04-20-2012

I got the task of setting up a Guest wireless network for one of our remote campuses. We already have some APs that are connecting to our WLC.

The Enviroment:

WLC Cisco 5500 is at our Corporate office. Connects to our Core Switch then to our Router

Router connects to our remote campuses over mpls

We currently already have APs at this campus that are connecting back to our WLC.

We have a DSL line at the remote campus that we want this Guest wireless routed to.

I have already created the guest network on the WLC and a guest VLAN on the Core switch

My main question is how to configure the two routers for this and have this go out the DSL modem?

Any help is very appreciated...

Scott Fella · ‎04-20-2012

If you wanted to utilize the remote sites dsl, you need to configure the ap in h-reap/FlexConnect mode. This way you can specify what SSID needs to be placed on what local subnet. You can still tunnel traffic back by not enabling h-reap/FlexConnect local switching.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

joshuamares01 · ‎04-20-2012

I am also broadcasting a network for our internal users. That traffic currently goes back to our main site and out our ISP there.

Sent from Cisco Technical Support iPhone App

Scott Fella · ‎04-20-2012

That is fine. All you have to do is enable h-reap/FlexConnect local switching on the guest WLAN. Then change the mode on the AP to h-reap/FlexConnect and then the ap will reboot once it comes back up, you need to co figure the switch port as a dot1q trunk only allowing the vlans for the AP and guest. Set the native vlan on the trunk I the vlan the ap belongs on. On the h-reap ap, you will have another tab on the top for h-reap/FlexConnect. You enable vlan support and then put the vlan I'd the ap belongs on. Hit apply then go back to the h-reap/FlexConnect tab and click on vlan mapping. There you will see the guest SSID and then a box in which you can enter a vlan. That is where you will put your vlan for the guest. Now since this vlan your dsl is connected needs to reach all the AP's, you just need to create a layer 2 vlan and connect the dsl router to that. Users will get an ip from that dsl router etc.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

phillip.vansickle · ‎04-20-2012

I had the same issue awhile ago...

https://supportforums.cisco.com/message/3252499#3252499

joshuamares01 · ‎04-23-2012

With h-reap how would I keep my internal users on our company network for internet, etc using the scenario above for guest access?

Stephen Rodriguez · ‎04-23-2012

You could enable a splash page and have the 'lobby admin' create credentials for the users. This only works so long as the guest do not share their username/password.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

joshuamares01 · ‎04-23-2012

If I change the AP mode to H-reap can I still have my internal users traffic routed back to the WLC while keeping my guest traffic local (dsl modem)?

Stephen Rodriguez · ‎04-23-2012

Yes, FlexConnect is a per SSID basis. So you can have the 'corp' be centrally switched, while the Guest is locally switched.

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

phillip.vansickle · ‎04-23-2012

For guest access, I run the the guest WLAN centrally switched (as the traffic is headed back to the main office for internet anyways), while the main data WLAN is locally switched. I suppose that you could do this the other way around if you needed to...