Wireless guest users are getting limited connectivity.

Similar Messages

• Wireless Guest Users DHCP issue

  Dear all
  We have 2 wism as well as Anchor controller
  Guest users are getting ip address from anchor controller.
  We had created DHCP scope on anchor controller itself.
  We had opened particular ports to communicate between guest controller and inside controller for EOIP tunneling to take place.
  Issue is that some times user is getting IP address in the range of AP management vlan.
  Do we require to open ports for bootpc and bootps as well or do we need to create dhcp scope in the switch.
  If any one has faced the above issue pls reply me at the earliest.
  Regards
  -Danish

  If the anchor goes down, or mobility fails, the user should never egress from the Foreign WLC (in my opinion). However, if you are saying that the user gets an IP from the MGMT Interface of the Foreign WLC (not the Anchor), then it is doing exactly what it shouldn't.
  What version of code is this?
  I've seen a lot of deployments implement a "dummy interface" on the Foreign WLC.  So a fake vlan/subnet is created on the WLC and mapped as the default interface for the Foreign's Guest WLAN.   In the event anchoring does fail and the client sticks to the foreign WLC this dummy interface would actually prevent the user from having network access.
  Are you seeing this often?

• Wireless Guest Users once authenticated, are able to connect again after disconnection

                     Wireless Guest Users once authenticated, are able to connect again after disconnection .Clients should not able to connect after the restart or by disabling and enabling the WIFI adapter. But as of now clients are connecting to network . How we can configure this feature in WLC ?

  IIRC, if your reboot, disable the adapter or disconnect from the wireless, as long as the session timer or the idle timer does not timeout, then you are still considered as authenticated. If you logout, the wlc logs you off and you will have to log back in. The wierd thing is with iPhones or iPads, they go to sleep mode and you have to log back in to access the guest network. The workaround was to increase the idle timers to a certain acceptable limit to prevent this from happening.
  If you disconnect from the guest SSID and leave your client off the network until the idle timer expires, do you get prompted for a login or do you have access again?
  Sent from Cisco Technical Support iPhone App

• WLC 2500 and WCCP for Wireless Guest Users

  Hi there
  I would like to redirect web traffic from WLANs on a Wireless LAN Controller 2500 to a proxy server in a remote site. I'm using ironport proxy server and Cisco 3560 Layer 3 switch. Basically current scenario is:
  Wireless Guest Users get authenticated by web-auth through Access Point 3501 HREAP configured. Guest client gets an IP address on VLAN 100 in remote site. Once they connect to VLAN 100, I want all web traffic to be redirected to the proxy server. I know PAC file may be the easier solution however our guest clients want seamless solution for internet. I am not sure whether WCCP is supported for this.               
  You advice will be highly appreciated.
  Regards

  For guest wireless traffic redirect to proxy server
  https://supportforums.cisco.com/thread/2126486

• User are getting kicked out of SNP planning book

  Hello Experts
  I hope you can help me out here!
  From time to time we are experiencing strange issue for SNP user's .. User are getting kicked out from SNP planning book
  Please help us.
  Thanks
  Ramesh

  Hi Ramesh,
  As far as I know, users should not get kicked out unless someone terminates their session.
  Even if they lock some data and the same data is needed by some job, it's the job that would fail showing data lock. Similarly, if some other uses tries to access the locked data, the user who is accessing later would face the issue of not being able to go to edit mode.
  It's possible to write programs that could specifically do this work of kicking out users before we run batch jobs, but let me assume that this is not the case with you.
  One possibility is that there is issue in livecache and so users are not able to access livecache or get kicked out from their active session (e.g. your log area gets full, then users would soon get kicked out after seeing the system hanging initially). This you would need to check at the time when users face issue. This would also mean that other processes that need livecache should also fail e.g. GATP, or SNP planning or PPDS planning related jobs would fail at the same time.
  If you could share exactly what error message the users are seeing, that could be helpful in resolving the issue.
  Thanks - Pawan

• New users are getting "cntl_error" whenever login into the portal

  Dear Experts,
  New users are getting "cntl_error" whenever login into the portal. They are accessing .par application. I have read so many threads, but unable to find exact solution.
  I have tried in my browser with the user login, then no error. But the user login there end then its giving "cntl_error" error.
  Problem with Internet Explore Browser? Any additional setting required for users browser?
  Could you please help me, how to resolve this error.
  Thanks in Advance.
  Regards,
  Vijay.

  Hi Vijay,
  Check this thread - "CNTL_ERROR" raised,error key: RFC_ERROR_SYSTEM_FAILURE- Show Team Calendar , this might help you on what you are looking for.
  Regards,
  Sen

• Some external Users are getting Duplicate Emails from our domain

  Some external Users are getting Duplicate Emails from our domain. I have Exchange 2013 and is properly configured. A user reported me that, I sent one email to the other domain's user, and it was delivered twice after 1 or 2 hours.  I checked the Message
  track log on exchange servers and email was resubmitted and sent from the edge server after 2 hours.
  I have no idea why this is happening? can you please help me on this issue.

  Hi Aleem,
  Maybe some hidden rules cause this, I suggest use MFCMapi tool to double check whether there is any hidden rules exist.
  Thanks
  Mavis
  Mavis Huang
  TechNet Community Support

• CSS users are getting disconnected intermittently

  Friends,
  I've issues with CSS, users are getting disconnected intermittently and sometimes getting a lot of delay. could you please advise what kind of troubleshooting can be done.
  Thanks...

  config is as follow:
  service presence1.com
  ip add 192.168.1.1
  protocol tcp
  port 80
  keepalive port 80
  keepalive type http
  keepalive uri "/hi.asp"
  active
  service presence2.com
  ip add 192.168.1.2
  protocol tcp
  port 80
  keepalive port 80
  keepalive type http
  keepalive uri "/hi.asp"
  active
  owner presences
  content presence
    vip add 172.30.1.1
    protocol tcp
    port 80
    url "/"
    balance weightedrr
    advanced-balance sticky-srcip
    sticky-inact-timeout 45
    add service presence1
    add service presence2
    active
  load balanced url: presence.com/abc
  servers load balanced:
  presence1.com/abc
  presence2.com/abc
  so, when typing  presence.com/abc int the browser, I'm getting diverted to  presence1.com/abc or  presence2.com/abc after loggin on.
  pls advise.

• Guest users not getting IP address

  I am setting up Cisco wireless along with ISE 1.3 for guest wireless.  The client is going to use the self-registration portal for guest wireless users.  I followed this Cisco doc to configure the self-registration portal:
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/118742-configure-ise-00.html
  I tested this in my home lab and everything works fine.  However, at the client users are not getting IP addresses from the DHCP server.  This is the same DHCP server that is used for corporate wireless and if you connect that SSID, you get an IP address.  I have looked what I configured at home and the client and everything looks the same.  In the back of my mind, I feel something is missing, but I can't figure out what it is.  
  Edit: Not sure if this makes a difference or not, but they are using a Nexus 5K for their core switch and it hosts the SVI for this network.  
  Let me know what information you need and I will post it.
  TIA,
  Dan

  Hello,
  Some verifications below :
  Did you verify if DHCP Proxy is enabled in wlc's wlan interface ? Case DHCP proxy is disabled, did you verify if the ip helper address is enabled in Nexus SVI ?
  DHCP Scope is enabled in the DHCP Server or is enabled in the WLC ?
  Verify if Trunk in the switch is enabled correctly passing all VLANs to WLANs ?
  Verify if ACL to redirect configured in the WLC is allowing DHCP Server and DHCP Client to client receive IP Address and ports 8443 to Cisco ISE and DNS to resolve some address and get access to ISE Portal ?
  The scenario is Local Switching or Central Switching ?
  Regards

• Wireless 2504,user not getting dhcp ip address

  Hi i have configured wlc 2504 .in that i have configured two interfaces.one is guest, 2nd is internal user,
  the pblm when user try to connect with that contain ssid user not getting ip address,
  i have connected only one link between core to wlc on port 1.for guest interface i used port 4.but no physical link.
  Please help this

  There are multiple ways how the clients can get their IP-address in a WLC deployment.
  From the WLC-FAQ:
  How does DHCP work with the WLC?
  A. The WLC is designed to act as a DHCP relay agent to the external DHCP server and acts like a DHCP server to the client. This is the sequence of events that occurs:
  Generally, WLAN is tied to an interface which is configured with a DHCP server.
  When the WLC receives a DHCP request from the client on a WLAN, it relays the request to the DHCP server with its management IP address.
  The WLC shows its Virtual IP address, which must be a non-routable address, usually configured as 1.1.1.1, as the DHCP server to the client.
  The WLC forwards the DHCP reply from the DHCP server to the wireless client with its Virtual IP address.Note: You can also configure the WLC to act as a DHCP server. For more information on how to configure a WLC as a DHCP server, refer to the Configuring DHCP Scopes section of the document Cisco Wireless LAN Controller Configuration Guide Release 5.1.
  If you want more in-depth information you should read "DHCP with the WLC":
  http://www.cisco.com/en/US/partner/products/ps6366/products_tech_note09186a0080af5d13.shtml
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Wireless Guest Users Self Registration

  We are looking for a solution where for guest user self registration an email will be send to the employee/network admin for approval request before providing the network access to guest users.
  Please let me know if ISE is having this feature. Also let me know the other options.

  If you want to go through the process of having a employee or "sponsor" approve the account, why not just have the person who would be the appover create the account for the guest user and cut out the middle step? This is the process we have been using and so far so good!  If abuse is a concern we try to keep tabs on that by occasionally checking the logs in ISE to see if any one user is creating many account or consistantly has an account that may be for non work related functions.

• We deployed Acobat Standard XI on a closed domain and make it available to our customers as an App-V.  Customers start the app, they are getting "Please connect to the Internet and retry".  They are also getting, "Please connect to the internet.  Activiat

  We deployed Acrobat XI Standard on a closed domain (not connnected to the internet) and make it available to our customers as an App-V.  When our customers run it, they are gettiing "Activation Required, Please connect ot the internet."  Another thing they are getting is "Please connect to the Internet and retry".  Is there a setting we can make to preclude this from happening?

  Acrobat is not supported.
  App-V Deployment — Enterprise Administration Guide
  It will be sometime after the next major release (DC products).

• Guest users cannot see or connect to shares on Snow Leopard 10.6.1

  I recently upgraded to Snow Leopard from 10.5. After upgrading, users connecting as "guest" to my computer cannot see any of the shares (and therefore cannot connect to them).
  If I connect as my administrator user from another computer, I can see all the shares, as well as all the volumes.
  I have verified that the Guest Account is enabled (Allow guests to log in to this computer) in the Accounts preference pane, and of course File Sharing is turned on in the Sharing pane, and all the shares are listed with the correct permissions.
  This is a very strange and perplexing problem. Any help would be most appreciated!

  If they are connecting as a registered user they can see all the shares....but as a guest they cannot...I'm trying to find what might causes that problem....I really cannot think any logical reason... Everything in my options seems to be ok... So after the 10.6.2 update your problem solved ? I think that you were very lucky man...If you find any answer to that problem please let me know...
  Anyway,Thank you for your reply!

• Wireless guest users cannot ping if ACL is applied

  Hi friends,
  This is the first time I am trying my hands on wireless gears. I have 2500 WLC and 1142 AP (which I converted from Standalone to LAP).
  I have a layer 3 POE switch where i am using port 1 for the WLC which is a trunk port.
  Port 2 is for the AP using access vlan 111
  Port 3 is trunk port going to a router where i am running dhcp server for the VLANs which are as follow:
  VLAN 110 -Corp Wireless (10.1.110.0/24)
  VLAN 111 - AP-Mgmt (10.1.111.0/24)
  VLAN 999 - Guest (10.1.101.0/24)
  I wanted to block the traffic from the Guest VLAN 999 but when i apply the ACL on the Guest Interface created on the WLC, I dont see any pings going across and neither I see any hit counts on the deny statement as if the ACL is never applied.
  Can some one guide me to the right direction if i am missing anything??
  Thanks,
  Mohit

  rdvorak wrote:Put the ACL on the WLAN not on the interface.
  But applying the ACL to the interface will affect all WLANs that utilize that interface!!!
  Rating useful replies is more useful than saying "Thank you"

• WCS Wireless Guest Access : Area, building restrictions don't work

  Hello,
  I use WCS to create guest accounts on a WLC4400 local database. Guest login works fine but i can login with any guest account on any campus, building, floor even if the account is apply only on one of those.
  i use a custome Web auth page, this is the cisco's exemple page with our logo.
  WLC44000 - 4.2.61.0
  WCS - 4.262.11
  WLAN Guest setup :
  Layer 3 security : none
  Web policy : authentication
  Over-ride global - config enable

  Yes exacly.
  Only one controller with 15 "campus" (business unit).
  AP are in HREAP (for corporate WLAN). of course (i know it's stupid) guest wlan is in a lwapp tunnel and wrong username or password don't works !