
Implementing Guest WIFI with Cisco Mobility Express on 1850 APs

tobias13
Level 1

Hello Guys,

I have a little problem that I can't find a solution for, and I hope you can help me.

In our office we use 4 Cisco AP1852E for our WIFI setup; one of them works as an AP and the Controller at the same time.
Our normal office WIFI works without any problems, but now we want to implement Guest WIFI on the same Access Points, e.g. for customers or suppliers.
My question now is:
Is it possible to configure Guest WIFI on the Controller in a way that the people who are connected to the Guest WIFI only have access to the internet and no other resources?
We have the problem that we don't have manageable switches, so a VLAN separation is not really possible. The Controller/Access Point would need to do all the traffic management/restriction.
So, for example, if an employee connects to the normal company WIFI, it works as if he were connected by cable to the internal network, but if a customer connects to the Guest WIFI, the Controller/Access Point should only allow access to the internet and no local resources.
We don't need any fancy welcome page for the guest network, AAA or something like this, just a simple WPA2 Personal login.
I tried the Guest settings in the WIFI configuration and played around with different access lists but could find a way to make it work.
I hope you can help me, and sorry for my long post.

2 Replies

"Is it possible to configure Guest WIFI on the Controller in a way that the people who are connected to the Guest WIFI only have access to the internet and no other resources?"

That's exactly what a guest network does.

"We have the problem that we don't have manageable switches, so a VLAN separation is not really possible. The Controller/Access Point would need to do all the traffic management/restriction."

Then you really have a problem. You need a VLAN. Using Access Points is a problem because an Access Point has only one port. If you had a WLC, it usually has more than one port. So you could connect one port to a router or firewall and physically segregate the guest network, but with only one port you need to logically segregate the network.

Hello Flavio,

Thanks for your reply.
If I understand your answer right, it is not possible to separate the internal and the Guest WIFI just with tools on the Controller. It's sad, but I already thought that an answer like this would come.
Over the weekend I thought about this topic and maybe found a solution, though I am not really sure if it works.
We use a Cisco RV320 Dual-Gigabit-WAN VPN-Router in the office where we have this WIFI problem. Would it be possible to connect the Access Point (which is at the same time the Controller) directly to the router and let the router handle the VLAN management?
For example:
Company WIFI = Untagged Frame
Guest WIFI = VLAN 10
We configure the Controller AP in such a way that the Company WIFI is not tagged and the Guest WIFI is tagged with VLAN 10.
Then we enable the untagged and the VLAN 10 tagged frames on the router port where the Controller is connected, and on all the other router ports, where our internal stuff and all the other Access Points are connected, we only allow untagged frames.
Because in my understanding the Controller tags all the packets with the VLAN, so if the other APs are connected to the other ports of the router via a switch, it should not be a problem.

I'm sorry if I misunderstood something, and I hope you can help me.

Greetings
