Configuring autonomous 1141 to do DHCP for Guest WiFi

I have an existing setup consisting of:
Windows Server - doing DHCP for private wired/wireless
Cisco 1141 Autonomous WAP with only private wireless access.
ASA 5505 (with very basic licensing)
HP switch
The customer wants to have guest WiFi.
The guest WiFi is going out to the internet via a seperate VLAN/interface on the ASA.
Can the 1141 do DHCP for the guest WiFi? Or do I need to do it via the ASA?

It could but you would have to relay it from the ASA. So might as well just use the ASA for the scope.
Steve
Sent from Cisco Technical Support iPhone App

Similar Messages

Please help me with Time Capsule Set up for guest wifi?

I am just setting up TimeCapsule
I need help setting up guest wifi.
I show I have a workgroup ht is that?

You enable the Guest Network feature on your Time Capsule by using the AirPort Utility.
For v6.x: AirPort Utility > Select your AirPort base station > Edit > Wireless tab > Enable Guest Network

WLC 2006 INTERNAL DHCP FOR GUESTS CLIENTS

I would like to use the internal DHCP to issue ipaddress to the guest wireless clients.
However; when i setup the wlc internal DCHP scope and try to connect to the wireless guest vlan the WLC debug DHCP reads ...forwarding to 192.168.255.2 which i have listed as the gateway to the pix
any examples on how to do this would be great.
here is what i have for the dhcp scope:
Dhcp Scope Info
Scope: Guest.Data.DHCP
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.255.17
Pool End......................................... 192.168.255.30
Network.......................................... 192.168.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0
Here is what i have for the wlan
WLAN Identifier.................................. 2
Network Name (SSID).............................. Guest.Data
Status........................................... Disabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. Infinity
Interface........................................ guest.data
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Enabled
Quality of Service............................... Silver (best effort)
WMM.............................................. Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
--More-- or (q)uit
Radio Policy..................................... All
Security
802.11 Authentication:........................ Open System
Static WEP Keys............................... Disabled
802.1X........................................ Disabled
Wi-Fi Protected Access (WPA/WPA2)............. Disabled
CKIP ......................................... Disabled
IP Security Passthru.......................... Disabled
Web Based Authentication...................... Disabled
Web-Passthrough............................... Disabled
Auto Anchor................................... Disabled
H-REAP Local Switching........................ Disabled
Management Frame Protection................... E

when i try to assocate the dhcp scope to wireless.guest.data interface using 192.168.255.1 which is the ip of the that interface it will not let me. I would have thought since i was using the interal dhcp that the .1 address would be the dhcp scope address also. i can assign 192.168.255.0 or 192.168.255.2(gateway)if i use .0 or .2 the dhcp request (discovery) process starts and then will forward to .2 (gateway) and never assign an address. the only thing that happens is that the client wireless interface will get 255.255.255.255 for a few seconds then go away.
what i am trying to accomplish is to connect the wlc port 2 directly to a pix 506 which goes to the internet so the guest traffice is not on our vlan.
any other suggestions on guest vlans would be appricated....
Tom
Interface Name................................... wireless.guest.data
IP Address....................................... 192.168.255.1
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.255.2
VLAN............................................. 150
Quarantine-vlan.................................. no
Physical Port.................................... 2
Primary DHCP Server.............................. Unconfigured
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Scope: wireless.guest.data.dhcp.server
Enabled.......................................... Yes
Lease Time....................................... 86400 (1 day )
Pool Start....................................... 192.168.255.17
Pool End......................................... 192.168.255.30
Network.......................................... 192.168.255.0
Netmask.......................................... 255.255.255.0
Default Routers.................................. 192.168.255.2 0.0.0.0 0.0.0.0
DNS Domain.......................................
DNS.............................................. 0.0.0.0 0.0.0.0 0.0.0.0
Netbios Name Servers............................. 0.0.0.0 0.0.0.0 0.0.0.0

2504 WLC on edge network for guest wifi

I have a 2504 WLC with a 1042 AP and I have it placed on my edge Cisco 3750 switch.
I have the management interface of the WLC set on my WAN IP 71.x.x.x subnet range, and I have the WLC doing DHCP duties with a DHCP scope of 192.168.X.0. I have my DNS servers set on external DNS servers out on the Internet.
I have two Cisco 3845 Routers on my edge network - one for each ISP with BGP protocol.
Since my native VLAN is 71.x.x.x, I added a sub interface on my main core router and gave it a 192.168.x.1 255.255.255.0 address for the gateway. Also, I added ip prefix-list iBGP seq 10 permit 192.168.x.0/24 le 32 to my main core router. On my secondary ISP router I added
ip prefix-list iBGP seq 10 permit 192.168.X.0/24 le 32, and ip prefix-list OUT seq 10 permit 192.168.x.0/24 statements.
I added VLAN 10 to my edge switch and gave it IP 192.168.x.2 255.255.255.0, and the switchports that my core router and my WLC are connected to the edge switch, are in trunk mode with encapsulation dot1q 10. The switchport on my edge switch that the AP is connected to is in switchport access mode.
I can connect to the wifi with a 192.168.x.x IP address on my laptop, but I cannot get any Internet access.
Is it possible to have the DHCP scope be in a different subnet than my WAN IP subnet, and allow guests to get to the external Internet only? Do I need to put the WLC somewhere internal on my network i.e. the DMZ and then tunnel the traffic out to the Internet with no Internal network access?
Thanks for any help you can provide.

right, and how does a 'normal/current' user access the internet? Somwhere going to your ISP there should be some sort of NAT statement when you send interwebs traffic.
if your ISP is taking care of all of that for you, you probably need to let them know you added the subnet so they can do the NAT.
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered

HT1178 How setup and configure time capsule with ADSL modem for WiFi internet

For my first time time capsule 2TB set up,would like to know about configuration time capsule with ADSL modem for use WiFi internet!

You will want to turn off the WiFi on your modem (if there is WiFi on your modem). Connect the TC and the modem together with an Ethernet cable. Then, turn on your TC and set it up to be in bridged mode, connection type 'Ethernet'.

Using several Airport Extremes to create and extend corporate + guest wifi

hello all,
my office has purchased 6 airport extremes for our new office, AirPort Extreme 802.11ac (6th Generation), running version 7.73
the plan was to hard wire one extreme via the wan port and create both a corporate and guest network
then link to the others throughout the office by wirelessly extending to provide complete coverage
after moving around the location of one or two units my coverage is now complete across the office space
my setup is as follows:
my network is a windows active directory setup where one of my domain controllers is my DHCP server in the range 192.168.x.x
to enable the guest network on my extremes i need to have my first hard wired (wan port) extreme unit configured in DHCP mode
this airport extreme has pulled down an ip address from my windows server in the range 192.168.x.x
the extreme then uses its own dhcp range to provide connectivity to my clients, 172.16.x.x for corporate wifi and 10.0.x.x for guest wifi
my issue is
the dhcp range that the extreme uses for all my corporate wifi users is 172.16.x.x
i cannot access any servers on my windows network 192.168.x.x by drive maps/hostnames as they are challenged for authentication
I can only access by using ip addresses instead of hostnames
all of my shares and wired users are configured to use hostnames for file shares, printers etc on my servers
the first extreme gets its DNS info from my windows dhcp server correctly but these settings are not passed down to my wifi clients
is there a way to do this ?
I have tried using the 'domain name' field on the extreme dhcp config but this had made no difference
can anyone advise on this ?
do i need to use a different setup, maybe switch to wired config ?
what i'd like to have is the following:
2 wireless networks, one for corporate users and one for guests/visitors
my corporate users to have access to all my corporate servers as their permissions allow using hostnames for access
my guest users to have internet access only
my 6 access points to be connected to each other either wired or wirelessly to provide coverage throughout my office
i was told that the 6 airport extreme's would allow me to do this but now i'm not so sure
any help or suggestions would be gratefully accepted,
thanks

You are trying to use Apple domestic products in a business setup.. this is not what they were designed for.
Could you use 3 units to cover the offices.. please have a go as this simplifies things tremendously.. just use three units in bridge.. preferably all connected to your ethernet network and so operating as AP only.
If that works then use the other 3 units for your guest network.. these should then be placed on a different vlan via your main managed switch.. so they can get internet but have no connection at all to the office network.. but other ways around it could be found. As you have already discovered a simple double NAT might sufficiently block guest access.

Help. How to configure ASA5515 as 'one armed router' for access to DHCP server on a different VLAN

Hi,
My setup
     router > ASA5515(ver8.6) > 4 SGE2010p switches
I want to put the guest WiFi users on a separate network. I have layer 2 switches and want to configure the ASA5515 as a 'router on a stick' setup for the guest vlan to have access to the DHCP server on the native vlan.
I have
1. created a sub-interface for the inside interface and enabled intra-interface traffic.
2. A static route on the ASA point the guest network to the switch.
What else do I need to configure on the ASA for inter-vlan routing?
ASA related config:
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.15.xx.1 255.255.252.0 standby 10.15.xx.2
interface GigabitEthernet0/1.2
vlan 100
no nameif
no security-level
ip address 10.100.xx.1 255.255.255.0
C    10.15.xx.0 255.255.252.0 is directly connected, inside
S    10.100.xx.0 255.255.255.0 [1/0] via 10.100.xx.2, inside

Thanks for the quick response Reza.
Actually that command is already there. Didn't include it in my post.
So I am guessing my ASA config is correct.
I am having trouble setting up the trunk ports on the layer2 SGE2010P switch for trunk port.
I am used to command line layer3 switches (CLI is wasy) but not familiar with these switches GUI. I am going through the config guide right now.
Could you help me with that too?
Not to bother you with a completely different issue though.
Thanks again!

Best place to create the DHCP scope for Guest SSID for remote office connected to HQ Foreign-Anchor controller

Hi Experts ,
Need help with the respect to understand the best practice to place/create the DHCP scope for remote site Guest SSID which will be connected to HQ Foeign-Anchor controller set-up.
how about internet traffic for Guest SSID , which one will be recommanded :
1) Guest SSID gets authenticated from HQ ISE and exposed to the local internet
2) Guest SSID gets authenticated from HQ ISE and exposed to the HQ internet
Thanks

Hi George ,
Thanks for your reply ...So you mean, best design would be to create the DHCP scope into DMZ for guest and let it get exposed to HQ internet ...
how about if I have another anchor controller in lets say in other office and I need to anchor the traffic or load balance from HQ foreign controller , in that case if I create DHCP scope into HQ anchor controller and if its down , I will loose the connectivity , how do I achieve fail-over to another anchor ?
Do I need to create secondary scope into another anchor controller and let the client get reauthenticated from other location ISE and get ip address as well from another anchor controller . Is it what you are proposing ?

How do I configure Server DHCP for a shared-over-WiFi network connection?

Hey all,
Here's how my network is set up-
Comcast > Modem > DD-Wrt router >(Ethernet)> Mac Mini >(WiFi)> Macbook Pro, other devices.
I set the router to use the Mac Mini (with OS X Server) as the DHCP server, and I have the Mac Mini sharing the ethernet connection over WiFi.
The issue is that while my Macbook Pro can get an IP from the Mac Mini (as per DHCP settings), there's no internet connection. I'm not sure I even have the router IP set correctly, should it be the Mac Mini's IP or the router's IP?

I would normally use the router as the DHCP server but it should be possible to use your Mac mini as the DHCP server instead.
With regards to the WiFi, you would want to configure it in bridging mode, this will let WiFi clients and Ethernet clients be on the same subnet and the WiFi clients will then be able to request DHCP addresses from your server on Ethernet. This is the way I have my home network setup.
In the DHCP settings on your Mac mini server, you need to define the default gateway/router as being the IP address of your router. You also need to define valid DNS server addresses. If you running your own internal DNS server perhaps for Open Directory then this would be your internal DNS server address. The range of IP addresses you are issuing need to match the range being used internally by your router as does the subnet mask.

How-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device

Dear All
I have a 2504 Wireless Controller with multiple radios attached. I currently have a "private" WLAN configured (taking ip from windows server based DHCP of Range 192.1681.0/24 ) and working, but I need to add a Guest/Public WLAN which should take the IP from Other DHCP Configured on Fortigate UTM of range 172.16.0.0/24.
We have one SG300 switch in the office and the rest are basic switches.
Our firewall/router is a Fortigate UTM 240D
Find the attached network diagram for the issue.
Is there a SIMPLE way to enabling guest access that doesn't require VLANS (or are VLANS easier than I'm making them)?
Thanks.
- See more at: https://supportforums.cisco.com/discussion/12473186/how-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device#sthash.aj1XcWI0.dpuf

Complete these steps in order to configure the devices for this network setup:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html
Configure Dynamic Interfaces on the WLC for the Guest and Internal Users
Create WLANs for the Guest and Internal Users
Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port

Wireless device can't get IP address for Guest network

I have a wireless network setup at my main location. The access points allow Internal and Guest access. The Internal access uses DHCP from a Windows Server. The Guest access looks like it uses DHCP from my ASA, I did not set this up originally. My question is... I am installing a new WAP in a branch location. I can get the Internal access to work because it uses the Windows Server DHCP. I cannot figure out how to get the Guest access configured to use the DHCP from the ASA. The ASA is on a DMZ. Any help would be appreciated.
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname WAPMadisonOffice
logging rate-limit console 9
enable secret 5 $1$f1/9$SWBosxmjEGfSW4U.t4FnW.
no aaa new-model
dot11 syslog
dot11 vlan-name Internal vlan 141
dot11 vlan-name Guest vlan 99
dot11 ssid Bard
vlan 141
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 141500120D0A7B72757C31343017
dot11 ssid Guest
vlan 99
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode
wpa-psk ascii 7 070D33554F07485C4646090D162E
power inline negotiation prestandard source
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 141 mode ciphers aes-ccm
encryption vlan 99 mode ciphers aes-ccm
ssid Internal
ssid Guest
antenna gain 0
mbssid
channel least-congested 2412 2437 2462
station-role root
bridge-group 1
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio0.99
encapsulation dot1Q 99
no ip route-cache
bridge-group 99
bridge-group 99 subscriber-loop-control
bridge-group 99 block-unknown-source
no bridge-group 99 source-learning
no bridge-group 99 unicast-flooding
bridge-group 99 spanning-disabled
interface Dot11Radio0.141
encapsulation dot1Q 141
no ip route-cache
bridge-group 141
bridge-group 141 subscriber-loop-control
bridge-group 141 block-unknown-source
no bridge-group 141 source-learning
no bridge-group 141 unicast-flooding
bridge-group 141 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface GigabitEthernet0.99
encapsulation dot1Q 99
no ip route-cache
bridge-group 99
no bridge-group 99 source-learning
bridge-group 99 spanning-disabled
interface GigabitEthernet0.141
encapsulation dot1Q 141
no ip route-cache
bridge-group 141
no bridge-group 141 source-learning
bridge-group 141 spanning-disabled
interface BVI1
ip address 10.10.20.20 255.255.255.0
no ip route-cache
ip default-gateway 10.10.20.11
ip http server
ip http authentication local
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
snmp-server community internal RO
bridge 1 route ip
bridge 141 protocol ieee
bridge 99 protocol ieee
line con 0
logging synchronous level all
login local
line vty 0 4
logging synchronous level all
login local
end

Jennifer,
The ASA is connected on this interface:
interface GigabitEthernet1/0/2
switchport trunk allowed vlan 1,10
switchport mode trunk
switchport priority extend trust
mls qos trust dscp
spanning-tree portfast
and the Access Point, what interface?
10.10.10.251 - IP of ASA?
If you set vlan 99 in one interface and connect one computer do you get ip?
I only see the interfaces 1/0/27 and 1/0/48 with access for guest vlan 99.
Regards.

Why does GarageBand audio work for guest user but not my account?

Hello, I have a 15-inch MacBook Pro (2.2 GHz Intel Core i7, 4GB 1333 MHz DDR3) from late 2011 that I bought brand new in 2012. I'm running OS X Mavericks 10.9.4 and my MacBook has 500 GB of storage.
About a month or two ago I tried to download the new GarageBand (10.0.2) but I had trouble completing the loops download. The download would stop halfway through because of a network error. So last week I decided to try to download it again, and I was able to do so after reading some discussions about the issue. I successfully completed the download in safety mode and then I restarted my MacBook. At this point I was able to open GarageBand 10.0.2 and create a new project. Unfortunately, there was no audio coming through the output and sound bar for the various audio components in GarageBand. I had no audio when previewing the loops or playing it back in an audio track. I didn't really test anything else out because I figured I needed to fix this problem first. I have read many discussion boards about audio problems with GarageBand. I have already made sure everything is set properly in the GarageBand preferences and the audio preferences in system preferences. I've tried restarting GarageBand and restarting the computer.
This evening I found a discussion from the username icewhatice and they seemed to have had my exact problem. I'm not sure that I found the answer on this discussion though. For reference, this is what icewhatice posted: "I have no audio coming from Garageband 10.0.2. Downloaded it on Saturday and have spent the last two days trying to figure out why it won't work. I'm using a macbook pro with an Alesis QX49. GB registers keyboard when I plug it in but no sound whatsoever, not even from the onscreen keyboard. It seems to read the keyboard as if I play a C chord, it appears in the display. I've done all the obvious stuff like check preferences, restart, I've deleted and downloaded new GB several times and always with same result. Actually, it took me about four attempts to download it in the first place as I was getting an internet connection error message right at the end of the download, and I see others have had that problem. Managed to solve that by downloading in safe mode but now the no sound thing is driving me absolutely crazy because I can't play my keyboard!!!!! Also, worth noting that there is no audio level being read anywhere, I believe in the new version this appears in the volume control at the top. I've also looked into it potentially being a problem with my keyboard and it possibly needing an update but can't find any difinitive answer for that anywhere. I've stopped looking into that because the on screen keyboard doesn't even work - if that worked then I would know at least GB works and it's something to do with the keyboard. So, I am at a complete loss. If anyone has any ideas about why this is happening or what I could do to solve then I would be very grateful."
After reading this, I realized that I am unable to create new tracks, and I realized that I have the same problems with old projects saved from the last version of GarageBand I had. I have not tried to download GarageBand again since it did not work for icewhatice. léonie ended this post by saying: "Something is certainly wrong - either the current project, some settings in your user account, or the downloaded GarageBand version. Or incompatible software may be interfering. If a new project does not work, try to test by logging into a different user account, for example the "Guest User" account. Create a new project using this account. Does GarageBand work better from this account? Then we will need to troubleshoot your preferences."
I have tried this and started a new GarageBand project in the "Guest User" account. GarageBand was working fine in the "Guest User" account and all of the audio was working properly. Does anyone know how I should troubleshoot my preferences?

If an application is working in a different account, but not in your regular account,try t find out, what you configured differently in your own account, for example start-up items or preference panes you are using, applications and other helper tools, that are only installed for your regular account. As a first guess, remove GarageBands preference files from the user library in your Home folder.
But you will have to reset all settings you did in the GarageBand preferences dialog. And GarageBand will not remember the last project. You'll have to find the file manually.
Remove these files from your User Library to a folder on your Desktop:
~/Library/Containers/com.apple.garageband10/
~/Library/Preferences/com.apple.garageband.plist
~/Library/Caches/garageband
Quit GarageBand, then remove the files to a folder on the Desktop and restart the computer, before trying again to open GarageBand.
You user library may still be hidden, as is the default in Mavericks: To open your hidden user library:
Select the "Home" folder icon (the little house) in the Finder's sidebar and press the key combination ⌘J to open the "view options".
Enable "Show Library Folder".
Then open the Home folder and open the Library folder inside and navigate to the Preferences, Caches, or Containers folder. Remove these folders completely - don't leave anything inside: ~/Library/Containers/com.apple.garageband10/,
~/Library/Caches/garageband .

2504 with new-architecture enabled breaks MAC auth for guest access

Hello,
We have (2) 2504 WLC running version 7.6.120. WLC1 is the local controller and WLC2 is an achor controller for guest-access. We need to incorporate a 3850 for use with the WLC2 anchor. The guest access is currently working with Mac-Auth and Mac-Auth-Fail to Web-Auth.
When converged access is enabled on the WLC1 and WLC2, the MAc-Auth no longer works. That is, the previously authenticated user is now redirected to the Web-Auth page. The local controller shows the user as authenticated but the Anchor controller shows the state as WEb-Auth-REQD.
Rolling back using "config mobility new-architecture disable" and rebooting resolves the issue.
Does anyone what changes from the old to the new that would break this mac-auth/web-auth configuration?

You should reach TAC for these sort of issues. Not many people deploying this CA setup yet & you may not get direct feedback immediately.
HTH
Rasika

ISCSI connections for guests: how to set up?

A couple of questions:
1. If we wanted to set up iSCSI connections for guests such as SQL servers, what is the best way to handle this? For example, if we had four 10-Gb NICs and wanted to use as few of them as possible, is it common to turn two of the NICs into Virtual Switches
accessible by the OS, then use these to connect both the host and the SQL guests? Or would the best option be to use two 10-Gb NICs for the Hyper-V Host's iSCSI connections only, and use the other two 10-Gb NICs as virtual switches which are dedicated
to the SQL server iSCSI connections?
2. I know MPIO should be used for storage connections instead of teaming; if two NICs are teamed as a virtual switch, however, does this change anything? For example, if a virtual switch is created from a NIC team of two 10-Gb NICs, is it acceptable to create
an iSCSI connection on a network adapter created on that virtual switch?

" If we wanted to set up iSCSI connections for guests such as SQL servers, what is the best way to handle this?"
Don't. Use VHDX files instead. A common reason for using iSCSI for SQL was to allow for shared storage in a SQL cluster. 2012 R2 introduces the capability to use shared vhdx files. It is much easier to set up and will likely
give you as good, or better performance, that iSCSI.
But, if you insist on setting it up, set it up the same as you would on the host. Two NICs on different subnets configured with MPIO. (Unless using Dell's software which forces a non-standard configuration of both NICs on the same subnet). Teamed
NICs are not supported. For a purely best practice configuration, yes, it makes sense to have separate NICs for host and guest, but it is not an absolute requirement.
.:|:.:|:. tim

WLC to ISE authentication for Guest

Hi Experts,
Hope if you could guide me with our setup for Guest users. Below is what we are doing
a)     Guest connects to SSID
b)     WLC is being used to redirect Guest HTTP to WLC internal Portal
c)     WLC forwards guest authentication details to cisco ISE [ISE and WLC radius]
The guest connects to SSID and does get WLC portal for authentication, when the username and password entered on Cisco ISE i see error message as
'User Identity not found in any of Identity Store' though it is going through correct Store and the Guest name is certainly configured on Cisco ISE. ISE version is 1.2 and WLC is 7.4, please let me know if i am missing anything here.
Appreciate your help

The first method is local web authentication. In this case, the WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Services Engine (ISE) or NAC Guest Server (NGS)) is required as the portal provides features such as device registering and self-provisioning. The flow includes these steps:
Please follow below guide for step by step configuration:
http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

Configuring autonomous 1141 to do DHCP for Guest WiFi

Similar Messages

Maybe you are looking for