
Wireless guest users are getting limited connectivity.

eng_elshreef
Level 1

Could anyone help, please? I have a wireless guest solution consisting of:

  • A WLC located internally in the network (all the APs are associated with that WLC).
  • An anchor WLC located in the DMZ. The guest SSID is tunneled from the internal WLC to the anchor WLC; the DHCP service for guest users is on the anchor WLC.
  • A NAC guest server to authenticate the guest users.

The solution was working properly, but now we have a problem: if anyone tries to connect to the guest SSID, whether he is authorized or not, the user will get an IP address from the DHCP pool, and as you know most people have smartphones and they try to get internet access. Now only 5 or 6 people are authenticated with the NAC guest server and the DHCP pool becomes full because too many people tried to connect even though they do not authenticate.

So if any user tries to connect, he will not get an IP address from the anchor controller and gets limited connectivity.

If I add a static IP address on my laptop, I will be redirected to the authentication page and can access normally.

I am working in a big environment (7,000 users), so I can't go with increasing the DHCP pool because the problem will not be solved.

I hope someone can help in this case.

Thanks in advance.

4 Replies

Surendra BG
Cisco Employee

This is a pitfall and raising the eyebrows.. currently we do not have any other option other than using WPA-PSK + WEB AUTH

that is..

PSK will block the users from just grabbing an IP and sitting!! If the user enters a valid PSK, he will get the IP address, followed by the Web auth process!! This may help you as of now.. or just as a workaround.. to overcome the IP exhaustion..

Please raise a PER with your accounts team to raise the severity on this issue if you have the contract and all with us!!

Please don't forget to rate the useful posts!!

Regards

Surendra

Regards
Surendra BG

rdvorak
Level 1

Hi,

As you haven't mentioned it: have you tried to reduce the lease time on the scope?

That way the clients that only connect for a moment and never auth on the web page get removed from the DHCP pool faster, to free up your pool again.

Regards,

Ron

Hi,

Yes, I tried to reduce the lease time to 15 mins and am still facing the same issue.

Thanks

Ismail
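
Added example, not part of any post in this thread: a small Python model of guest DHCP pool occupancy, showing that a short lease frees addresses only from devices that leave, because a client that stays associated renews at half the lease time. The arrival pattern, stay durations and pool size of 200 are constructed assumptions; only the 15-minute lease comes from the thread.

```python
import heapq


def simulate(devices, pool_size, lease_min):
    """Model a DHCP pool serving clients that never pass web auth.

    devices: iterable of (arrive_min, stay_min), one tuple per client.
    Assumption: a client renews every lease_min/2 minutes while associated
    (the standard DHCP T1 timer), so its address is released lease_min
    after its last renewal. Refused clients do not retry (simplification).
    Returns (peak_addresses_in_use, clients_refused).
    """
    expiries = []            # min-heap of lease expiry times
    peak = refused = 0
    renew_every = lease_min / 2
    for arrive, stay in sorted(devices):
        # Reclaim every lease that has expired by the time this client arrives.
        while expiries and expiries[0] <= arrive:
            heapq.heappop(expiries)
        if len(expiries) >= pool_size:
            refused += 1     # pool exhausted: client ends up with no address
            continue
        last_renew = arrive + (stay // renew_every) * renew_every
        heapq.heappush(expiries, last_renew + lease_min)
        peak = max(peak, len(expiries))
    return peak, refused


# Constructed workload: one new phone joins the guest SSID every minute for 8 hours.
PASSERS_BY = [(t, 5) for t in range(480)]     # in range for 5 minutes each
LINGERERS = [(t, 240) for t in range(480)]    # stay associated for 4 hours each


def report(pool_size=200):
    """Return (peak, refused) for three lease/behaviour combinations."""
    return {
        "passers-by, 1-day lease": simulate(PASSERS_BY, pool_size, 1440),
        "passers-by, 15-min lease": simulate(PASSERS_BY, pool_size, 15),
        "lingerers, 15-min lease": simulate(LINGERERS, pool_size, 15),
    }


if __name__ == "__main__":
    for label, (peak, refused) in report().items():
        print(f"{label:26s} peak={peak:3d} refused={refused:3d}")
```

In this model the 15-minute lease clears the pool when phones only pass through, but the pool still fills when the same number of phones stay in range without authenticating.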

Go for WPA-PSK + WEB AUTH.. this will help you!!

Please don't forget to rate the useful posts!!

Regards

Surendra

Regards
Surendra BG