Cisco 4402 Guest lan and product lan DHCP assignment

I'm currently setting up a wirless lan with a Cisco 4402 Wireless Lan Controller and 1 cisco 1242AG Access points.
All the devices include:
Cisco catalyst 6505
Cisco 4402
D-Link broadband router
Connection between them:
6505 trunking with 4402 (dot1q and trunk vlan 1 and vlan 3, but i found that all vlan on the 6506 will trunk together), wlan 1 is production lan while vlan 3 is Guest lan)
6505 vlan 3 is connecting to D-Link broadband router as a guest lan
both vlan 1 and vlan 3 have DHCP server for production PC and guest notebook respectively.
On 4402, i have two interfaces and 2 WLAN. one interface for production lan pointing DHCP server to product DHCP address and the other interface for guest lan, which pointing to guest lan DHCP server.
when a notebook connec to guest lan, it will assign an address from guest DHCP server, while connecting to production lan, a production IP will be assigned last week. But the things change w/o changing the structure, when i connect to guest lan SSID, the ip suppose assign by the Guest lan DHCP, but it failed, the notebook got ip address from production lan.
Is it trunking makes those all Vlan "mixed", and get ip from the DHCP server with faster respone time?
How can i make sure when i connect to guest lan, the ip will be assigned from Guest Lan DHCP server and vice versa?
Many thanks!

Here is the URL for the Cisco Guest Access Using the Cisco Wireless LAN Controller which will help you :
http://www.cisco.com/en/US/docs/wireless/technology/guest_access/technical/reference/4.0/GAccess.html

Similar Messages

  • Define static IP for both LAN and W-LAN devices with an Airport Extreme Base Station

    Hey guys,
    I have a lot of different devices connected to my Airport Extreme Base Station (5th Gen) either wirelessly or via ethernet cable. Since I control some of them via VNC and currently have to find the corresponding IP-addresses through trial-and-error, I'd like to define static IP-addresses for the computers in question. My network consists of a cable modem connected to a TP-Link WR1043ND router in the basement, from which an ethernet cable leads to the WAN-port of the aforementioned Airport Extreme Base Station on the 2nd floor. Two of the devices I want to remote-access are  wired to a D-Link DES-1005D switch, which in turn is connected to the 1st ethernet port of the Airport Base Station. The remaining 3 remote clients are connected over 802.11n. All computers run Windows.
    My problem now is that even though I was able to define static IP-addresses employing the "DHCP only" router mode, this didn't seem to work for the two computers connected via ethernet. Not only did I lose any internet connectivity with those, I even lost the ability to remote-connect to them using the VNC-viewer.
    The question now is: how do I specify static IP-addresses for my ethernet devices correctly?
    I hope you can help me.

    My network consists of a cable modem connected to a TP-Link WR1043ND router in the basement, from which an ethernet cable leads to the WAN-port of the aforementioned Airport Extreme Base Station on the 2nd floor.
    If you read the information in the other post, my answer would be the same here.
    The Router Mode of DHCP Only is rarely used, and would only really be appropriate if your ISP was providing you with a fixed bank of multiple fixed or static IP addresses to use. This does not appear to be the case in your post.
    If this were the case, the first IP address would be used as a Static IP address for your connection, and other devices on your network would receive the other fixed IP addresses.
    99%+ of the time, you would use the Router Mode setting of DHCP and NAT on a network when you want the AirPort to perform as the main router for the network.
    But......your post also indicates that you have another router upstream on your network from the AirPort Extreme.  You would not want to run two routers in series on a network. That explains the problems that you are having.
    The AirPort Extreme needs to be configured in Bridge Mode. It cannot be the "main" router on your network when you already have another router on the network. That is a fundamental networking rule.

  • Cisco NAC Guest Server and shellshock

    Hello,
    We are running NAC server v2.0.2 and would like to know if it's vulnerable to shellshock as the bug report CSCur05629 isn't clear on this. 

    Well you will need to use a 3rd party certificate..  Here is a link to generate and install a 3rd party certificate on the WLC for the use with Web-Auth:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
    Here is a link for the NGS:
    http://tools.cisco.com/search/display?url=http%3A%2F%2Fwww.cisco.com%2Fen%2FUS%2Fdocs%2Fsecurity%2Fnac%2Fappliance%2Fconfiguration_guide%2F410%2Fcas%2Fcas41ug.pdf&pos=1&strqueryid=2&websessionid=RK88fQNWy8TCDUakpNGLOqZ
    The applicances are using a self generated Cisco certificate which of course is not a trusted certificate store in most of all operating systems.  So using a 3rd party certificate like RapidSSL, Verisign, etc will eliminate the certificate issue.

  • Guest LAN and WLAN on Controller

    Hi,
    While creating new ssid, i can see the option guest lan and wlan, whats the difference? which one is preffered?
    Thanks in advance..

    Hi,
    I remember answering this few days and also George joined the thread.. or max week back..
    Guest LAN WLAN =
    1> The clients connecting to the WLAN will have a time limit on the connectivity, for example you can configure the Guest WLAN for 24 hours or something which you want..
    2> I guess George pointed this in the previous thread.. Can be used for Wired Guest Users configuration as well , here is the link..
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml
    WLAN =
    Just nothing but a SSID with security which doesnt have any time limit.
    which one is preffered? =
    Its your network and what ever meets your requirements you can use that.. however both of them does its job with different features involved.
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

  • Software Version Upgrade for Cisco 4402 Wireless Lan Controller

    Hi,
    We have Cisco 4402 Wireless Lan Controller with Software Version 3.2.171.6 and we want to upgrade it to latest version.
    So can anyone please let me know the latest version to upgrade the WLC?
    Also since WLC is running on very lower version is it possible to upgrade to the latest version directly or we have to move it step by step to upgrade this to latest version?
    Thanks

    Take a look at the compatibility matrix below:
    http://www.cisco.com/en/US/docs/wireless/controller/5500/tech_notes/Wireless_Software_Compatibility_Matrix.html
    7.0.235 is the latest that you can go to:
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_235_0.html
    The release notes outline the upgrade process.
    "Upgrade to 4.0.206.0 or later 4.0 release, then upgrade to 4.2.176.0, before upgrading to 7.0.235.0."

  • Server 2012 r2 essentials...urgent help needed...Two separate DHCP servers, one for lan and one for wifi...design picture attached

    hello
    S2012 R2 essentials is in office...Want to have functional 2012 dhcp, dns, ad, wds role for 1gbps wired lan and separate wi-fi for temporary visitors for internet access like gsm phones etc...Need functional anywhere access to office server and computers
    for administering...When worker with laptop go out of office must have have full functional wifi.
    here is picture what i have in my mind with all components in network.
    How to configure L3 switch, router and server? Many thanks

    Hi,
    Based on your description, I understand that you want to prepare network for the Windows Server 2012 R2 Essentials,
    then will run a DHCP Server on the Windows Server 2012 R2 Essentials and correctly configure router. Please refer to following article and check if can help you.
    Before You Install Windows Server 2012 Essentials
    For DHCP, please refer to following article.
    Running
    DHCP Server on Windows Server 2012 Essentials
    For router configuration, please refer to following article.
    Configure a Router - Windows Server Essentials
    If anything I misunderstand or any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Guest Anchors and external DHCP servers

    Hi,
    We are using guest anchors (GA) for supporting wireless guest user.
    Until now we used internal DHCP server on the GA but now we want to move to external.
    For example:
    The guest will reside on 192.168.0.x, this is separated by a firewall from the inside network and is not routable on the inside.(this is the guest interface of the GA)
    The DHCP server will be somewhere on the internal network only reachable by GA's management interface.
    Is it possible for DHCP requests to be forwarded to the DHCP server originating from the management interface?
    If this is not how it should happen, than what other options are there for placing the external DHCP servers?
    Let me know if you need more information regarding our solution..
    Thank you,
    Laszlo

    Hello Laszlo,
    Yes, what you want to do can be done but there are few things that you have to consider.
    First is that you are not going to use the WLC as the DHCP server so you should go to the interface configuration and point the DHCP server to the external one.
    Now, what you want to do here is to make the wireless LAN controller a DHCP relay agent (or proxy), this way the wireless LAN controller is the one handling all the DHCP requests and it is going to be the one asking for an IP address in behalf of the client using the management interface. This behavior is enabled by default and I believe you have it already configured because it is necessary for the internal DHCP server of the WLC to work; it is configured on the "Controller" tab > Advanced > DHCP. On new versions of software this option is configurable by interface.
    There is a catch though, if the DHCP server is an ASA or if the request has to go through an ASA or firewall, this might not work because by design some ASAs will drop every DHCP request comming from a relay agent so just consider this when you do these type of deployments.
    If you have any questions let me know.
    Best regards,
    Marco Gonzalez
    Cisco TAC TL

  • Cisco Wireless Control System need wireless Lan Controller ?

    Cisco Wireless Control System need wireless Lan Controller , for Rogue detection

    Hi Joao,
    The WCS is used in conjuntion with the WLC (Wireless Lan Controller) for Rogue Detection. It is not a must for this function but more of an add-on :)
    The Cisco WCS is an optional network component that works in conjunction with Cisco Aironet Lightweight Access Points, Cisco wireless LAN controllers and the Cisco Wireless Location Appliance.
    From this doc;
    http://www.cisco.com/en/US/products/ps6305/index.html
    Overview of WCS
    The Cisco Wireless Control System (WCS) is a Cisco Unified Wireless Network Solution management tool that adds to the capabilities of the web user interface and command line interface (CLI), moving from individual controllers to a network of controllers. WCS includes the same configuration, performance monitoring, security, fault management, and accounting options used at the controller level and adds a graphical view of multiple controllers and managed access points.
    WCS runs on Windows 2003 and Red Hat Enterprise Linux ES 4.0 and AS 4.0 servers. On both Windows and Linux, WCS can run as a normal application or as a service, which runs continuously and resumes running after a reboot.
    The WCS user interface enables operators to control all permitted Cisco Unified Wireless Network Solution configuration, monitoring, and control functions through Internet Explorer 6.0 or later. Operator permissions are defined by the administrator using the WCS user interface Administration menu, which enables the administrator to manage user accounts and schedule periodic maintenance tasks.
    WCS simplifies controller configuration and monitoring while reducing data entry errors with the Cisco Unified Wireless Network Controller autodiscovery algorithm. WCS uses the industry-standard SNMP protocol to communicate with the controllers.
    From this good doc;
    http://www.cisco.com/en/US/products/ps6305/products_configuration_guide_chapter09186a00806b7270.html#wp1131195
    Detect and Locate Rogue Access Points
    From this WCS doc;
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a00806f070a.shtml#new5
    Rogue Detection under Unified Wireless Networks
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_white_paper09186a0080722d8c.shtml
    Hope this helps!
    Rob

  • Cisco 4402 WLC IOS Upgradation using CLI and Web Interface

    Hi,
    I would like to know how to upgrade IOS of Cisco 4402 WireLess LAN Controller using CLI and Web interface ?
    Can any one help me regarding the same.
    Please answer as soon as possible.
    Thanks in advance.

    Here are the instructions for upgrading the controllers via GUI:
    http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn52.html#wp472449
    Instructions via cli:
    Cisco recommends that a direct CLI console port connection is used to update the controller software.
    1. Make sure a TFTP server is available for the Operating System (OS) software download. Also, keep these guidelines in mind when the TFTP server is set up:
    If a download is performed through the service port, the TFTP server must be on the same subnet as the service port because the service port is not routable.
    If a download is performed through the Distribution System (DS) network port, the TFTP server can be on the same or a different subnet because the DS port is routable.
    The TFTP server cannot run on the same computer as the Cisco Wireless Control System (WCS) because WCS and the TFTP server use the same communication port.
    2. Download the desired OS software update file from the Cisco website to the default directory on the TFTP server.
    3. Log into the WLC CLI.
    4. Issue the ping server-ip-address command to verify that the WLC can contact the TFTP server.
    5. Issue the transfer download start command and answer n when prompted to view the current download settings.
    This example shows the command output:
    transfer download start
    Mode........................................... TFTP
    Data Type...................................... Code
    TFTP Server IP.................................
    xxx.xxx.xxx.xxx
    6. TFTP Path...................................... TFTP Filename.................................. AS_2000_3_0_x_x.aes --OR-- AS_4100_3_0_x_x.aes --OR-- AS_4400_3_0_x_x.aes Are you sure you want to start? (y/n) n Transfer Canceled Issue these commands to change the download settings:
    * transfer download mode tftp
    * transfer download datatype code
    * transfer download serverip tftp-server-ip-address
    * transfer download filename filename
    * transfer download path absolute-tftp-server-path-to-file
    Note: All TFTP servers require the full pathname. For example, in Windows, the path is C:\TFTP-Root. (In UNIX forward slashes (/) are required.)
    7. Issue the transfer download start command to view the updated settings, and answer y when prompted to confirm the current download settings and start the OS code download.
    This example shows the download command output:
    transfer download start
    Mode........................................... TFTP
    Data Type...................................... Code
    TFTP Server IP.................................
    xxx.xxx.xxx.xxx
    TFTP Path......................................
    path>
    TFTP Filename..................................
    AS_2000_3_0_x_x.aes --OR--
    AS_4100_3_0_x_x.aes --OR--
    AS_4400_3_0_x_x.aes
    Are you sure you want to start? (y/n) y
    TFTP Code transfer starting.
    TFTP receive complete... extracting components.
    Writing new bootloader to flash.
    Making backup copy of RTOS.
    Writing new RTOS to flash.
    Making backup copy of Code.
    Writing new Code to flash.
    TFTP File transfer operation completed successfully. Please
    restart the switch (reset system) for update to complete.
    8. The WLC now has the code update in active volatile RAM, but the reset system command must be issued to save the code update to non-volatile RAM (NVRAM) and reboot the WLC.
    This is a sample output:
    The system has unsaved changes.
    Would you like to save them now? (y/n) y
    The controller completes the bootup proce

  • Which Monitoring Tool is best to monitor LAN and WAN

    Hi,
    CAN ANYONE TELL ME Which Monitoring Tool is best to monitor LAN and WAN.
    Waiting for immediate response.
    Thanks
    Irshad

    To start with HP open, this is SNMP-based as well. As it is around for quite a while and delivers support for many vendors, it has become sort of an industry standard. Many other vendors deliver add-ons (even CiscoWorks) to support their products via HP open. That functionality however comes with a price. If you have plenty of money an a large network to manage, HP open might be your best choice.
    Cisco Works and other -start-with-C- products are typically used to manage Cisco devices. If you have a fair share of non-cisco boxes around you will find that you cannot see or do everything with them that you might want.
    One special thing about CiscoWorks is that it lacks a grapical real-time overview of the network. In my opinion this is a weakness in the product. On the other hand, it has many nice features to manage all kinds of Cisco devices.
    My ideal solution is to use both a generic SNMP manager, SNMPc in my case, and CiscoWorks 2000. With SNMPc I can quickly see network node status and do some bandwidth management (baselining). CW2k serves mainly to execute changes (NetConfig) and as a syslogger. It is also used to perform IOS upgrades and to store config files.
    I guess this could be done with HP open as well, but our money does not reach far enough to pay for both. SNMPc costs a lot less, both in purchase and in maintenance.
    Hope this clarifies things a bit.
    Regards,
    Leo

  • Hyper-V Replication over Dedicated LAN and "is alive" checks over Corporate LAN

    I am testing Hyper-V replication to see if it will be a suitable replacement for the ArcServer RHA product.  One thing I am struggling with is configuring the replication to use the dedicated LAN, but still have the host servers verify over the corporate
    LAN.  
    I have seen the blogs on how to use a dedicated route and editing the hosts file to get replication to use the dedicated LAN, but that also changes the LAN in which the host servers communicate.  It seems to me that if the corporate LAN were to go down
    on the master server, I wouldn't be able to fail over the virtual machines to the replica server without first having to connect into the master server through the dedicated LAN of the replica server to shut down the virtual machines.
    I need to be able to fail over to the replica server if the corporate network connection on the master server drops without having to go through the extra steps of connecting into the master server first.
    Is it possible for the two items to be separated?  Can I tell Hyper-V to replicate using one specific IP destination on the dedicated LAN and have the replica server check to see if the master is live over the corporate LAN?

    Hi Telrick,
    >> It seems to me that if the corporate LAN were to go down on the master server, I wouldn't
    be able to fail over the virtual machines to the replica server without first having to connect into the master server through the dedicated LAN of the replica server to shut down the virtual machines.
    I want to say that there are "planned fail over" and "unplanned fail over " , the latter applies the primary server crashing (you can select "failover" on "replica server " then the VM will start up ,after the primary
    server online again you can do "reverse" )
    The point is that you can not use hyper-v replica as a backup (it will lost little data which have not yet been replicated to replica server when "unplanned fail over" happens ) 
    Best Regards
    Elton Ji
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Transparent Tunneling and Local Lan Access via VPN Client

    Remote users using Cisco VPN 4.2 connect successfully to a Cisco Pix 515 (ver. 6.3). The client is configured to allow Transparent Tunneling and Local Lan access, but once connected to the Pix, these two options are disabled. What configuration changes are required on the Pix to enable these options? Any assistance will be greatly appreciated.
    Mike Bowyer

    Hi Mike,
    "Transparent Tunneling" and "Local Lan Access" are two different things. "Transparent Tunneling" is dealing with establishing an IPSec Tunnel even if a NAT device is between your client and the VPN-Headend-Device. "Local LAN Access" is dealing with access to devices in the LAN your VPN-Client-Device is connected to.
    What do you mean exactly with "disabled once the connection is made" ?
    You can check the local LAN Access by having a look at the Route-Table of the VPN-Client:
    Right Click the yellow VPN-lock Icon in System-Tray while the VPN-Connection is active and select "Statistics ...". Have a look at the second register page "route details".
    Are any local LAN routes displayed when your are connected ?
    And - always remember two important restrictions the Online Help of the VPN-Client is mentioning:
    1: This feature works only on one NIC card, the same NIC card as the tunnel.
    2: While connected, you cannot print or browse the local LAN by name; when disconnected, you can print and browse by name.
    Carsten
    PS: Removing Split Tunnel won't enable local LAN access as all traffic would be sent into the IPSec tunnel.

  • WRT150N (New) Gateway IP stops responding to LAN and wireless clients. Hangs, stops, loss of service

    WRT150N Firmware Version: v1.51.3 : From LAN and wireless connected devices, Internet connectivity is lost. I try to ping the LAN side gateway IP address from my laptop and desktop, no response. Web management does not work either. Power re-cycle of the WRT150N fixes the problem. The problem is infrequent, it can happen twice per day or once every 2 days.
    When the problem occurs,
    the DHCP info in my clients looks fine and shows the correct gateway IP address, mask etc. ;
    the desktop and laptop can still ping each other;
    The gateway is unreacheable and all out going connectivity is lost
    Does anybody have any solution or maybe has had the same experience.
    I cannot track the problem happening to any particular event or usage pattern however I am using the Azureus bit torrent client all the time.
    I have an incident raised with LinkSys Technical Support but no response so far from them.
    WRT150N Firmware Version: v1.51.3  

    Hi - please go to this thread for more details:
    http://forums.linksys.com/linksys/board/message?board.id=Wireless_Routers&message.id=103033#M103033
    or search for the other thread started by (fb2k). But briefly over the 1 year period since this thread started my local store replaced my wrt150n 3 times and then gave me a wrt160n which was replaced and its still having the problem. I am now running Open Source wireless software (DD-WRT) on the WRT160N and it has been up 18 days with no restart. I didnt want to do this but I got fed up taking my unit back to the store. Thanks to fb2k (on the other thread) for taking the plunge and reporting success with the DD-WRT software.
    Message Edited by NetGuy-Dubai on 08-23-2008 01:06 PM
    Message Edited by NetGuy-Dubai on 08-23-2008 01:07 PM

  • Wireless Guest Network using Cisco 4402 as an Anchor Controller

    Hello,
    We have recently redesigned our wireless guest network in accordance to Cisco's recommended deployment using the anchor controller in the DMZ. We have created two mobility groups (enterprise and anchor). The anchor controller and DMZ has two subnets (guest managment and guest clients). The guest management subnet is connected to the controller and firewall allowing the mobility groups and EOIP tunnels while the guest client network is also connected to the controller and firewall to push the client traffic directly out the firewall. The setup works well but the one part that I'm not happy with is the DHCP. Currently DHCP is being handled on the firewall because of issues we had with dhcp relay and the controllers internal dhcp service.
    Does anyone have any information on getting DHCP relay working or the internal dhcp service on the controllers when using as a anchor?
    This is basically the setup guide that we followed.
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html
    Thanks!

    Hi,
    Make sure you have the IP helper address configured under the VLAN interface on the L3 and also make sure to disable DHCP proxy on both the WLC (Anchor and Foreign).
    This will help us as well..
    lemme know if this answered your question..
    Regards
    Surendra
    ====
    Please dont forget to rate the posts which answered your question and mark it as answered or was helpfull

  • 802.1x Authentication on Wired and Wireless LAN

    I have successfully configured 802.1x authentication on wired and wireless Lan. We have Cisco Switches, ACS SE and Windows AD.
    But i have one issue regarding the Single Sign on while authentication using the 802.1x with Windows Active directory the users that are login first time not able to logon but the users that have their profiles already existed in their PC then there is no issue and they successfully authenticated and login easily.
    Is there any way of login successfully for the users first time using 802.1x authentication with Windows AD like a Single Sign On?

    We ran into the same situation from time to time. We implemented 802.1x authentication using the Cisco Secure Services Client (SSC) on the windows hosts.
    At the beginning we were completly unable to logon on the maschines where no locally stored windows profile exists. After change to timeout to authenticate at the network in the SSC options we are able to logon to the network and also be authenticated by the domain controller.
    Sadly this works out often as a timing issue. Most times the user needs to try a couple of times. At the moment, I'm also very interessted in a good way to avoid this (as it seems to be) racecondition.
    Hope that someone else has any clue?

Maybe you are looking for

  • Credit card file upload(Tcode: PRCC) in a batch process

    Hi all, Is it possible to make credit card file upload(Tcode: PRCC) in a batch process. when i tried doing so got message "frontend function cannot be created in batch mode" . I am aware that it is because this program is using "GUI_UPLOAD" function

  • Crash in native calls to MAPI

    Hi All In the application that we are developing, we have java wrapper over Micosoft MAPI calls to integrate with MS Exchange Server. Our Application can be run in two modes (local and remote). In local configurations, all the calls are in the same J

  • TOC Book  Item without an associated page

    I may well be missing the point here - no change there, then! - but how (in RH7) do I get a sub-section, a book within a book, into the left navigation but not have a link with its name in the breadcrumbs appear in the main content pages? Or can I no

  • Computer crashes during iPad Photo Sync.

    Hi everyone, I'm trying to help my grandpa get set up on his new iPad (he's a tech-savvy grandpa, I know) but for some reason his computer crashes when trying to sync his photos with his iPad. He's using Windows Vista, and I'm a Mac person myself so

  • A failure exit code of 257 was returned - Offfice Communicator 2007 deployment

    Hi I'm trying to deploy Office Communicator 2007 with the MSI-File, the patch with the msp-file and the mui also an msi file. I do this with a task sequence. I tested the deployment a couple of times and it worked all the time. Now I deployed the pac