4402 - Guest Access no longer working

When this started, I cannot be sure, but it has been working for sometime now and cannot understand where the problem is.
There is one guest interface, one guest WLAN. The WLAN is set with a DHCP override address of the guest interface. But it no longer allows this as I found out. Anyway, I can get the client to now receive an address from the internal pool on the WLC, but it will not route to the authentication page. I noticed that the WLC excludes the clients attempting to connect on the guest WLAN due to failed 802.1x authentication! the WLC never even gave me the chance to authenticate using an account created either through the lobby ambassador or creating one directly on the controller.
Any ideas?

It looks as though there is a couple of issues here. Firstly, there was a problem on LAN preventing communications. This is now fixed. Secondly, the internal DHCP service on the WLC's would not allow the WLAN to override the DHCP server address with the address of the guest service - although it allowed it previously. Why it suddenly stopped working, I have no idea. The second part to this is that when attempting to draw an IP address from te neighbouring WLC, it placed the client in to quarantine. Again, not sure why it is doing that.
In any case, it looks to be a problem with the internal DHCP service. I will create a second interface to mark as the DHCP server on the WLC. If this continues to be a problem, I will use an external source.

Similar Messages

  • Guided Access no longer working

    Ive used my guided acess on my iphone 4 with ISO 7.1.2 for my daughter to play with. Now it's no longer working. the triple click still works but it does not with the guided access. Any help on figuring out how to get it to work would be greatly appreciated. I've tried turning off triple click and guided access with no luck. I've also done a reset on my phone.

    It is a wireless connection, yes. Every other device in the house works just fine off of this connection. The PC tower itself claims to still be connected via wireless, but is not. I don't know how to connect other than wirelessly, as the cable modem is in another room.

  • 4402 Guest Access Issues

    We currently have a 4402 Controller with several AP's configured and working great. We have 2 SSID's mapped to 2 different VLAN's as well. 1 SSID is for Internal use and has EAP-FAST, ACS Auth, etc configure. The Guest SSID is using the local net usernames as expected, however, it is also using the ACS server as well. We would prefer to prevent internal employees from even being able to authenticate to the Guest SSID. Any ideas?

    This doesn't seem to do it for me.
    Here's what I have on the ACS Server for the Default Group:
    Define IP-based access restrictions (checked)
    Denied Calling/ Point of Access Locations
    NDG:TACACS (For our switches/ routers
    Port: *
    Address *
    Define CLI/DNIS-baswed access restrictions
    Permitted Calling/ Point of Access Locations
    Controller
    Port: *
    CLI: *
    DNIS: *Internal
    Thanks in advance

  • Internet Access no longer working

    Hello there. I have a HP Pavilion Elite HPE Series tower that no longer goes online for me. I'm getting a strong signal, and according to the Network center I  am connected. But I can't get online, not with any browser. I don't know why this happened. Nothing changed, it just stopped accessing the internet one day.
    The Product Number is: XM558AV#ABA
    The Model Number is: HPE - 480t
    What do I do?

    It is a wireless connection, yes. Every other device in the house works just fine off of this connection. The PC tower itself claims to still be connected via wireless, but is not. I don't know how to connect other than wirelessly, as the cable modem is in another room.

  • Guest access on E2500 not working but everything else is fine.

    HI.. I  did not use the CD to set up,  and instead set this router up manually. We are using this router right now as a hotspot only.. and all is good. I can see both new networks and the WIFI laptops are talking  no problem. Only  issue I have  is that guest access is not working - by that I mean it can't get out on the internet. I can see it as available and connect to it. Guest access and SSID broadcast are both enabled obviously.
    Is there something special guests have to type into a browser? Or did I need to use the CD? (I read on a google search that cisco connect on the CD must be used?)  Any help very much appreciated!

    Really appreciate your help with this. I am a bit of a novice here.. but.. After some more searching on this issue I notice your comments (cut/pasted  below)  with respect to this router and bridging mode. You mentioned that I should update my firmware on this router and that this would (if I am interpreting your reply correctly) facilitate my LAN to LAN connection and of course using this router simply as an access point and more to the point -  having the use of the guest network. So my question is even if I did update firmware,  seems I would still require 3rd party software to make this work? (re your last sentence in your comments below)  Just need to understand the process and determine whether or not it is worth it (or maybe I should upgrade the router) but I don't want to change the configs of the network wired router at this time... and need to use the E2500 or facsimile as  simply an access point with  guest network functionality,  Thanks much appreciated.
    "Again: some E series routers already support wired bridging in firmware, i.e. to use the router as simple access point.
    This is and was always possible using a LAN-LAN setup instead.
    The problem with the LAN-LAN setup is, however, that you have some limitations accessing the network storage or network printer, e.g. the router doesn't have the correct time and you cannot access the storage from remote using port forwarding through your main router.
    These limitations have been overcome with the wired bridge mode (internet connection type = bridge mode).
    But again: this has absolutely nothing to do with wireless bridging. That's something completely different and is not supported on Linksys routers in any firmware version so far. To do wireless bridging (i.e. the Linksys routers connects wirelessly to another main router) you need 3rd party firmware."

  • 2504 with new-architecture enabled breaks MAC auth for guest access

    Hello,
    We have (2) 2504 WLC running version 7.6.120. WLC1 is the local controller and WLC2 is an achor controller for guest-access. We need to incorporate a 3850 for use with the WLC2 anchor. The guest access is currently working with Mac-Auth and Mac-Auth-Fail to Web-Auth.
    When converged access is enabled on the WLC1 and WLC2, the MAc-Auth no longer works. That is, the previously authenticated user is now redirected to the Web-Auth page. The local controller shows the user as authenticated but the Anchor controller shows the state as WEb-Auth-REQD.
    Rolling back using "config mobility new-architecture disable" and rebooting resolves the issue.
    Does anyone what changes from the old to the new that would break this mac-auth/web-auth configuration?

    You should reach TAC for these sort of issues. Not many people deploying this CA setup yet & you may not get direct feedback immediately.
    HTH
    Rasika

  • Windows 7 and Wireless Guest Access

    Dear All, one of my Customers uses 4400 based Guest Access Solution with L3 Webauth. With XP everything works Fine. Since the Migration to Windows 7, Guest Access is not working correctly. It takes a long time to get an IP Address via DHCP, sometimes it idles to 169.xxx. If an IP Address is provided, the Redirect will not work. Has anybody seen similar Problems with Win7 or a Solution?
    Regards, Michael

    Found a solution for the "Boot Camp x64 is unsupported on this computer model" message. Here is the link: http://www.techulous.com/hardware/how-to-apple-boot-camp-64-bit-for-windows-7-on -unsupported-macs.html
    Everything works ( for ) now. Yay!

  • E4200v2 Bridge Mode + Guest Access: No DHCP IP's assigned?!

    New E4200v2 on 2.0.37.  In "Bridge Mode - DHCP" (i.e. Access Point not router).  Guest Access is enabled & SSID broadcast.  Dhcp Server is disabled, because my main Sonicwall router is providing that for main LAN 192.168.1.0.
    PROBLEM = Client PC can see "-guest" SSID fine and associate to it, BUT PC does NOT receive a DHCP IP address (i.e. 192.168.33.x) therefore the browser login page never appears and guest access does not work.
    I'm pretty sure that it's all related to DHCP.  I'm assuming that the E4200 is not receiving or sending guest DHCP packets with the client PC.
    I seen Guest Access work on the older E4200v1's before so I know what it should look like.
    Can anyone suggest any likely reasons why my E4200v2 wouldn't be providing DHCP guest addresses in the 192.168.33.0 subnet?
    I only have 24 hrs until I have to deploy 2 new E4200v2's at a remote site, and after that it's going to be really hard to troubleshoot because I won't be at that site.
    Thanks in advance for any expert advice!
    Solved!
    Go to Solution.

    When you're in bridge mode DHCP server option goes away.  And I don't care if DHCP requests are getting to my Sonicwall b/c that device is not going to assign the Linksys Guest IP's... E4200 must do that, apparently in a totally hidden way.
    In any case, I don't have any more time to waste on E4200v2's so I'm going to try some E4200v1's which I just happen to have handy, thankfully.
    If Bridge Mode + Guest Access works better on the V1's then I'll retreat back to that older more obsolete hardware. 
    I'll report back later.
    (In meantime if anyone else cares to offer their knowledge experience about this, V2 or V1, I'm all ears)
    gv wrote:
    Do guests get an IP address if you enable the DHCP server?
    Do you see guest DHCP requests on your sonicwall?

  • Wired guest access on WLC 4400 with SW 7.0.240.0

    Hello,
    after we upgrade our Wlan-controller 4400 from software 7.0.116.0 to 7.0.240.0
    wired guest access don't work anymore.
    All other things works fine, incl. WLAN guest access!
    When we try wired guest access, we get the web-authentication page and can log in.
    On the controller we can see that the Policy Manager State changes from WEBAUTH_REQD
    to RUN.
    But then there is no access to the internet.
    We tried also SW 7.0.250.0, same problem!
    Log Analysis on the WCS:
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :The WLAN to which client is connecting does not require 802 1x authentication.
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client does not have an IP address yet.
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L3 authentication is required
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role update request. from Unassociated to Local Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.101.200.11
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role changed. State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :DHCP successful.
    Time :03/12/2014 14:21:26 MEZ Severity :ERROR Controller IP :10.101.200.11 Message :Client got an IP address successfully and the WLAN requires Web Auth or Web Auth pass through.
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client IP address is assigned.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Webauth user logged in to the network. manni
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :AAA response message sent.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
    Trying http://www.google.de .... doesnt work. No Log Entries. Next entries while logging out.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Web auth is being triggered again.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L2 authentication has been completed successfully.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :WebAuth user Logged out from network.
    Has someone a idea how to solve this problem?
    Regards
    Manfred

    Hi
    Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
    The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC.

  • WLC based mobility-anchor guest access solution

    Hi everybody,
    My new setup with WLC baesed guest access solution is working well. I am using web based login authentication for wired & wireless solution. And everything is running through out the WLC. The WLC is granting access to is the internet for the guests. My question is how about printers and other devices that cannot make web based authentication. How can i get them to work in the same setup?
    best regards,
    Sahin

    For wired, you simply need to configure mac aut bypass on the printer switchports and point that to the ACS.
    If it's accepted, the port will go in the printer vlan, if not, you can chose the behavior (block access, put in another vlan, etc ...).
    For wireless, you need to enable "mac filtering" on the SSID, so it's best to create a separate SSID for the printers then because you want to authenticate those by mac address and you don't want that for the other clients probably.
    You can then also point the mac filtering towards ACS on the wlc.
    From there you can either have the macs stored locally on ACS or in your ACtive Directory or wherever you want.

  • WRT1900AC Guest Access

    Hello,
    I notice that the guest access feature only works if the DHCP server on the router is enabled. We have a Windows 2008 domain controller in our network which is hosting the DHCP service and we would rather not change this. Is there any way to make the guest access function work using a DHCP server *not* hosted on the router?
    Thanks

    Not sure if bridge mode would work for you and still allow Guest Zone or not. 
    You could try Cascade mode however this would introduce a 2ndary DHCP subnet on your system I think:
    http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=169333b784cf4c78b8db5490f85c518a_Setting_.xml&pid=...
    You might want to phone Linksys support, ask for level 2 support or higher....

  • VNC no longer working after Leopard install

    I have been running Vine Server on my machine for several months now without a hiccup, and I've really gotten used to being able to access my home machine from work. However, after upgrading to Leopard last weekend, my remote access no longer works. The Vine Server application appears to be running just fine, but when I try to access the VPN from work (using TightVNC - same as I've always done) it just hunts for a few minutes and then tells me it can't find the network.
    I haven't changed any settings on either the router or the Mac. Any idea what's going on here? How can I get my remote access back?

    Screen sharing is broken for me as well, trying to access a mac mini server (was snow leopard - is now Lion) from an iMac using the Lion server admin tools. It says "Connecting to "192.168.1.7"" but never connects.
    SSH connects though so perhaps you can wrestle control of the server using the terminal.
    I can't use the machine locally, the keyboard and mouse are unresponsive and there is no hdmi output to the Sony Bravia that its connected to.
    I'm pretty close to doing a full re-install but I need to track down some urls posted on one of the blogs that the server was running first.

  • How can I sync my iphone songs to a new library without losing the songs on my iphone. I no longer have access to the old library as it was on a company computer that I no longer work for.

    how can I sync my iphone songs to a new library without losing the songs on my iphone. I no longer have access to the old library as it was on a company computer that I no longer work for.

    Third Party software do a google search

  • I have updated to ios 7 and Microsoft outlook web access for work emails no longer works nor my remote access can you help

    I have updated to ios 7 and Microsoft outlook web access for work emails no longer works nor my remote access can you help

    This happened to me as well. I read somewhere else that resetting the network settings (General, Reset, Reset Network Settings) would help and it partially did. I get half (the folders) of the Web Access screen rather than a blank screen. I tried tihs a few more times and got the right half (the messages) on occasion but never the whole web page.

  • Can no longer access my itunes account because my riginal computer no longer works. Now need to access prepurchased apps to download on my Ipod since i had to reset it. I have a new laptop.

    Can no longer access my itunes account because my original computer no longer works. Now need to access prepurchased apps to download on my Ipod since i had to reset it. I have a new laptop.

    Downloading (using iOS or computer) past purchases from the App Store, iBookstore, and iTunes Store - http://support.apple.com/kb/ht2519 - enabled with iTunes 10.3 and newer; not all media formats are available in all countries (see: iTunes in the Cloud, iTunes Match, and iTunes Radio availability by country - http://support.apple.com/kb/HT5085); apps, books (not audiobooks), music, t.v. shows, and movies (some - not all studios have permitted this). Downloading previously purchased movies and TV shows requires iTunes 10.6 or later. Discontinued items not available. For items not included in the iCloud list (e.g., ringtones, audiobooks), or locations or computer systems where iCloud is not (yet?) available, you only get one download per fee paid. Apple recommends, "You always back up your iTunes library in the event that a purchased item is no longer available on the iTunes Store," (http://support.apple.com/kb/ht2519).
    You will be using your original AppleID and password.  that works for any computer you own now or in the future.  Do not make a new appleID.

Maybe you are looking for

  • Recovering Data from a Back-up

    So I just recently dropped my iPhone into a gutter full of water. Yes it ***** but I'm over it (mostly). Now I know each time you update the software it makes a backup copy of your iphone. Is there anyway to retrieve all that data? If I buy a new iPh

  • Can't log in through the web controller

    i am operating the mac x server 10.5, it works well with the podcast capture. I install the podcast capture web controller just now. When i try to log in through the safari with https://myserver:8143/ with username and password(username:pcastadmin, p

  • How do I learn about my missing $3000 computer?

    I ordered an iMac and it arrived DOA.  I sent it back for a replacement and it was received the days ago.  I have called asking about a replacement and the phone helper said they would send it.  How long should I wait?  I also paid for apple care whi

  • How do I get pictures off my Old de-active device?

    How do I get pictures off my old de active device.  The device still works I just upgraded and now would like my pictures put on my PC.

  • Read ADE DRMd Epub books on the iPad - Does Apple have an app for this?

    I have some books in ADE DRMd Epub and I would like to read them on my iPAD.  Does apple have an app to read these type of books?