07-28-2012 10:25 AM - edited 07-03-2021 10:28 PM
Hi
On a 5508 WLC, can we create a new SSID for iPad / iPhone users without having ISE? Only iPhone / iPad are allowed to be authenticated; rest all should be denied. Is this possible?
Please input
cheers
CP
07-28-2012 10:27 AM
You need an ISE or something that does profiling.
07-28-2012 02:14 PM
Thanks Scott
Possible to configure DHCP on WLC for tablets only with WPA2 and forward the traffic to core?
Then the core will route this VLAN to a router to send traffic on Internet. Also this DHCP range should not communicate with other network on the LAN segment. Can ISP DNS be configured on WLC in this scenario?
Possible to restrict bandwidth for incoming/outgoing traffic for this new SSID on WLC?
cheers
CP
07-28-2012 02:25 PM
You can do per-user bandwidth contracts to limit the bandwidth using QoS, or you can limit the bandwidth for a particular subnet from the core. The only way is to have one SSID for the iPads and another SSID for the iPhones etc. This way you can have users connect their phones to a certain SSID and put them in a separate subnet so you can police them or even put them in a DSL Internet connection if you wanted.
Sent from Cisco Technical Support iPhone App
07-29-2012 01:58 AM
Scott,
Good idea to offload iPhone/iPad traffic to normal DSL, but I am not sure on how to route traffic from WLC to DSL modem and return traffic. Currently DSL modem is not connected to network and our default route from backbone is sent to Cisco ASA.
Steps required
Feedback if these are correct steps and missing steps
thanks all
cheers
CP
07-29-2012 08:18 AM
Well if your wlc is configured for lag and you do have more than one port connected from your wlc to the core, this is what you can do.
Connect the DSL modem to a port on your switch and set that port to VLAN 900 or something you are not using. You will have to create a layer 3 interface and set that to DHCP (obtain its IP address from the ISP) unless the ISP gives you a static address. Then you add a new dynamic interface to the WLC for this network. You assign it a profile name and set the VLAN to 900. Give it an IP address in that subnet and add the gateway and mask.
Make sure the new subnet is not in your routing table and you can also configure acls to prevent this subnet from communicating to your internal and vice versa. You can have the router/layer 3 switch provide dhcp or you can have the wlc provide dhcp. If the wlc provides dhcp, then you need to make sure dhcp proxy is enabled on the wlc.
Sent from Cisco Technical Support iPhone App
07-30-2012 12:54 AM
Scott
I am missing how to route traffic to DSL modem for ipad-vlan and ACL to prevent communication between iPad subnet and data subnet. I didn't see DHCP proxy option on WLC.
Vlan 2
interface vlan 2
description DATA-VLAN
ip address 172.16.5.1 255.255.254.0
VLAN 900
interface vlan 900
description IPAD-VLAN
ip address 192.168.1.250 255.255.255.0
interface FA 0/28
description connected to DSL Modem
switchport mode access
switchport access vlan 900
interface Giga 1/0/1
description connected to WLC
switchport mode trunk
ip route 0.0.0.0 0.0.0.0 Cisco-ASA
cheers
CP
08-01-2012 12:47 AM
hello
ACL restriction is working but browsing still not. I can ping the dsl modem from switch but no browsing
access-list 25 deny 172.16.5.0 0.0.1.255
access-list 25 deny 172.16.5.0 0.0.1.255
access-list 25 permit any
inter vlan 900
ip access-group 25 out
cheers
CP
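An added example, not written by any poster in this thread: one way to express the two-way isolation between the iPad subnet and the data subnet discussed above, using extended ACLs on the VLAN 900 SVI. The ACL names are hypothetical; the subnets are the ones posted in the thread (172.16.5.1 255.255.254.0 covers 172.16.4.0 through 172.16.5.255).

```cisco
! Added example. ACL names IPAD-IN and IPAD-OUT are hypothetical.
!
! A standard ACL such as "access-list 25" matches on source address only.
! Applied "out" on Vlan900 it drops data-VLAN packets heading to iPad
! clients, so replies are lost and a ping test fails, but packets sent
! by iPad clients are still routed into the data VLAN.
!
! Inbound on Vlan900: filter what iPad clients send, before routing.
ip access-list extended IPAD-IN
 remark iPad subnet must not reach the data VLAN
 deny   ip 192.168.1.0 0.0.0.255 172.16.4.0 0.0.1.255
 permit ip any any
!
! Outbound on Vlan900: filter what is routed toward iPad clients.
ip access-list extended IPAD-OUT
 remark data VLAN must not reach the iPad subnet
 deny   ip 172.16.4.0 0.0.1.255 192.168.1.0 0.0.0.255
 permit ip any any
!
! Only one ACL per direction can be bound to an interface, so
! IPAD-OUT takes the place of "ip access-group 25 out".
interface Vlan900
 description IPAD-VLAN
 ip access-group IPAD-IN in
 ip access-group IPAD-OUT out
```

The trailing `permit ip any any` keeps DHCP and Internet-bound traffic flowing; any other internal subnets that must stay unreachable from the iPad SSID need their own `deny` lines above it.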
08-03-2012 12:03 PM
Well, you would need an ip route from the 192.168.1.0 to the DSL modem of 192.168.1.1. Is that a DSL modem only or a DSL/router? The reason I ask is because if it's a modem, then your config should be like this:
VLAN 900
interface vlan 900
description IPAD-VLAN
ip address dhcp
This interface should get an address from your ISP.