Guest Mode?

Can an 1100 AP support trunking? Here is what I want to do.
The switchport is configured for a specific vlan so everything in the wireless cloud is on that vlan currently (LEAP/WEP). I want to set up a separate open Guest SSID vlan and put it in the same vlan that the outside of my PIX is in. Then build an access list to only allow a few ports open. Like HTTP, VPN, and POP so they can get to the internet/corporate network without hacking into anything.
Is there a better way of doing a guest mode? Can my idea work?

The way we do it is we have a guest vlan. This VLAN has no route (no interface VLAN X) on the RSP/RSM, so there is no way onto the Corporate network. We use an extra interface on the PIX (connected to the guest VLAN) which in turn serves as DHCP server and only allows traffic to the web. We also added a small IP pool to the global NAT to allow visiting guests to be able to VPN out to their home office.

Similar Messages

  • Locked out of Guest mode on iphone 5 help?

    So I have guest mode enabled on my iPhone and I accidentally triple clicked and I don't remember the passcode. Ugh.
    I don't want to restore my phone and I tried going on iTunes to try to restart it and nothing? Please help

    There is no "Guest Mode" on an iPhone. Perhaps you mean Guided Access? If you don't remember the passcode, you may have to restore your phone. However, try resetting it first by pressing and holding the Home and power buttons until the apple appears.

  • Got stuck in guest mode

    I was browsing the internet and downloaded video converter on app store, suddenly a message comes up and said I need to restart, press the power button then turn it on again. There was no option of canceling the message that popped up. Then so I did restart my MacBook Pro. Now I'm stuck in guest mode. Can someone help me? I'm really frustrated to get out of guest mode.

    no need to post again so soon, give people time: https://discussions.apple.com/message/23333421#23333421

  • No internet except in guest mode

    My imac will not connect to internet but will if I use guest log in? This imac has never had this problem before. I have turned everything off and on. I am using the imac in guest mode right now and it is working perfect, I have tried going back with time machine also. All other devices in my house work fine.

    What exactly happens when you try to connect to the Internet in your own account?

  • Switchport Stuck in Guest Mode

    I am using 802.1x authentication with multi-domain ports; Phone and PC connected to phone. The phones are Nortel (Avaya) and the PCs are Dell/HP Laptops. All are configured for Certificate authentication and this works well. However we sometimes get some ports stuck in Guest mode. When a non certificated laptop connects to a phone port and fails authentication, the data port is placed in the Guest VLAN. However when the laptop disconnects the port isn't reset and remains in the guest state. When a subsequent good laptop connects and attempts to authenticate the switch ignores this and leaves the data port in the Guest VLAN. Anyone any idea why this happens and how I can overcome it?
    The switch is a 2960S with Version 12.2(58)SE2 IOS.
    The port is configured as follows:
    interface GigabitEthernet1/0/15
    description DANS Port
    switchport access vlan 1807
    switchport mode access
    switchport voice vlan 1855
    priority-queue out
    authentication event fail action authorize vlan 1871
    authentication event no-response action authorize vlan 1871
    authentication host-mode multi-domain
    authentication order mab dot1x
    authentication priority dot1x mab
    authentication port-control auto
    authentication periodic
    authentication timer reauthenticate server
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 7
    dot1x max-reauth-req 10
    spanning-tree portfast
    service-policy input INGRESS-CLASSIFY
    end
    The auth status and mac addresses on the port after the failed laptop disconnects are as follows:
    sh auth sess inter g1/0/15
                Interface:  GigabitEthernet1/0/15
              MAC Address:  Unknown
               IP Address:  Unknown
                User-Name:  UNRESPONSIVE
                   Status:  Authz Success
                   Domain:  DATA
           Oper host mode:  multi-host
         Oper control dir:  both
            Authorized By:  Guest Vlan
              Vlan Policy:  1871
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0AEF212D000003055C8D1DAC
          Acct Session ID:  0x00000653
                   Handle:  0x94000306
    Runnable methods list:
           Method   State
           mab      Failed over
           dot1x    Failed over
                Interface:  GigabitEthernet1/0/15
              MAC Address:  0022.67cd.0eec
               IP Address:  Unknown
                User-Name:  RBT18991
                   Status:  Authz Success
                   Domain:  VOICE
           Oper host mode:  multi-domain
         Oper control dir:  both
            Authorized By:  Authentication Server
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0AEF212D00000026000286D1
          Acct Session ID:  0x00000028
                   Handle:  0xFC000027
    Runnable methods list:
           Method   State
           mab      Not run
           dot1x    Authc Success
    sh mac address-table int g1/0/15      
              Mac Address Table
    Vlan    Mac Address       Type        Ports
    1855    0022.67cd.0eec    STATIC      Gi1/0/15
    Total Mac Addresses for this criterion: 1
    I placed the AAA, dot1x, eap and auth debug on for all events and then connected a good laptop, the only debug messages I got were as follows:
    Mar 19 16:17:01.391 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open aut
    Mar 19 16:17:01.653 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open aut
    Mar 19 16:17:02.654 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open aut
    Mar 19 16:17:03.708 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open aut
    Mar 19 16:18:43.784 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_auth_client_present: client for mac address 0022.67cd.0eec has been notified on GigabitEthernet1/0/15
    Mar 19 16:18:43.784 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_auth_client_authorized: client for mac address 0022.67cd.0eec is authorized GigabitEthernet1/0/15
    Mar 19 16:18:43.784 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_auth_client_present: client for mac address 0022.67cd.0eec has been notified on GigabitEthernet1/0/15
    Mar 19 16:18:43.784 GMT: AUTH-EVENT (Gi1/0/15) dot1x_switch_is_restrictive_vlan_open_auth:Multi-Host with Guest Vlan/Auth Fail Vlan or open autn
    I would have expected the auth function to have reacted to the EAP packets sent by the good client when it connected and performed EAP authentication but it didn't, all it did was say the port's in Guest mode and left the laptop in this VLAN.
    All help will be much appreciated.
    Thanks,
    Paul

    Thanks for this reply, although it does provide valuable information for the "Cisco" world it doesn't help me with the problem I have.
    The big question is as follows:
    Why doesn't the switch react to the EAP packets it gets from the good laptop connected to the port stuck in the Guest state? The port doesn't have a data MAC in its table for the port, only a Voice MAC. It recognises a device has connected as it then places the good laptop's MAC in the table BUT it totally ignores the EAP packets from this device and leaves it in the Guest VLAN where the laptop gets a DHCP address once its EAP has timed out.
    Completely wrong activity!!!
    Is this a bug?
    Any help is much appreciated.
    Regards,
    Paul
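The stuck state shown in this thread can be picked out of the two show commands mechanically. The following is an added example, not part of the thread and not Cisco tooling: it flags a session that is still authorized by the guest VLAN although its MAC is Unknown and nothing is learned in that VLAN. The sample text is trimmed from the output posted above, and it assumes the MAC table was captured for the same interface.

```python
import re

# Trimmed from the output posted above (show authentication sessions interface ...).
AUTH_SESSIONS = """\
            Interface:  GigabitEthernet1/0/15
          MAC Address:  Unknown
           IP Address:  Unknown
            User-Name:  UNRESPONSIVE
               Status:  Authz Success
               Domain:  DATA
       Oper host mode:  multi-host
        Authorized By:  Guest Vlan
          Vlan Policy:  1871
Runnable methods list:
       Method   State
       mab      Failed over
       dot1x    Failed over
            Interface:  GigabitEthernet1/0/15
          MAC Address:  0022.67cd.0eec
            User-Name:  RBT18991
               Status:  Authz Success
               Domain:  VOICE
       Oper host mode:  multi-domain
        Authorized By:  Authentication Server
Runnable methods list:
       Method   State
       mab      Not run
       dot1x    Authc Success
"""

# Trimmed from the posted "sh mac address-table int g1/0/15" output.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
1855    0022.67cd.0eec    STATIC      Gi1/0/15
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z .]*?):\s+(.*\S)\s*$")
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+\S+\s*$", re.I)


def parse_sessions(text):
    """Split the output into one dict per session; each starts at 'Interface:'."""
    sessions = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # method table rows and 'Runnable methods list:' are skipped
        key, value = m.group(1), m.group(2)
        if key == "Interface":
            sessions.append({})
        if sessions:
            sessions[-1][key] = value
    return sessions


def macs_by_vlan(text):
    """Return {vlan: {mac, ...}} from show mac address-table rows."""
    table = {}
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            table.setdefault(int(m.group(1)), set()).add(m.group(2).lower())
    return table


def stale_guest_sessions(auth_text, mac_text):
    """Guest-VLAN authorizations with no known client MAC behind them."""
    learned = macs_by_vlan(mac_text)
    stale = []
    for s in parse_sessions(auth_text):
        if s.get("Authorized By") != "Guest Vlan":
            continue
        vlan = int(s.get("Vlan Policy", "0"))
        if s.get("MAC Address") == "Unknown" and not learned.get(vlan):
            stale.append((s["Interface"], s.get("Domain"), vlan))
    return stale


if __name__ == "__main__":
    for iface, domain, vlan in stale_guest_sessions(AUTH_SESSIONS, MAC_TABLE):
        print(f"{iface}: {domain} domain held in guest VLAN {vlan} with no client MAC")
```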

  • After recovering password I am locked in guest mode

    After recovering my password I am stuck in Guest Mode or Emergency Mode. What do I do to get to my accounts?

    bump

  • Screen tearing in secure guest mode

    Just got a new rMBP, 15" (no discrete GPU), 2.3GHz. Slowly installing stuff I want on it and I enabled FileVault. Once it was done, I restarted again to check out the guest mode.
    When Safari started up, it went into a semi seizure-inducing state. Going to the Yahoo homepage caused a LOT of screen tearing. Very noticeable on the scrollbars and anything with anything animated. Yet when I restart and log in as normal and go to the same page with Safari there were no rendering problems at all.
    I have reset the PRAM/NVRAM and all updates are installed from the App Store.
    Has anyone else experienced this? Is this likely to be a hardware problem or a software problem (gfx driver issue in safe mode)?
    Thanks
    Chris

    Yep that "fixed" it. Very surprised that made it past QA.
    I'd rather have FileVault on than a working guest login.
    Chris

  • Separate data in Guest Mode

    When operating in guest mode, the guest account has access to the Firefox browser and Google Mail App. Not only does the guest account have access to the apps, they also have access to my private data.
    How do I protect my data from being accessed by the Guest Account?

    Hello Freek,
    Refer the following link to setup the Guest Mode:
    http://www.kb.sony.com/selfservice/documentLink.do?externalId=C1030597
    If my post answers your question, please mark it as an "Accepted Solution."

  • Guest mode Auto - LWAP

    How do you enable guest mode on a Cisco Wireless LAN controller (4404)?
    Auto AP
    dot11 ssid Test
    vlan 111
    authentication open
    guest-mode
    Guest mode
    If you want the access point to allow associations from client devices that do not specify an SSID in their configurations, you can set up a guest SSID. The access point includes the guest SSID in its beacon. The access point's default SSID, tsunami, is set to guest mode. However, to keep your network secure, you should disable the guest mode SSID on most access points.

    Unfortunately, broadcast SSID doesn't solve this problem.
    If I set Set Single Guest Mode SSID on autonomous access point, then client with old and cheap adapters like Ralink rt61 can connect, but if I disable all WLAN but one with broadcast SSID on 2106 rt61 client can still connect only rarely.
    So, is there an analog of Set Single Guest Mode SSID in wlan controllers?

  • IMac mid 2011 works only in guest mode

    I changed my administrator's password thinking it would automatically become the keychain password. Now I can only log on in the guest mode because a normal log in is stopped at a pop up asking for the keychain password. What can I do? Am currently running YOSEMITE 10.10.
    THANK YOU

    Thank you for your response. I do not remember the previous admin PW. I finally partitioned the HD, erased the new drive, installed Yosemite on that one, migrated files and apps, not computer and network settings. This has eliminated the keychain bug, apparently in Yosemite. Then did the same for other partition. A little laborious perhaps but after three days of trying different solutions the only thing that worked.

  • My mini-mac is in guest mode. I can not exit this and return to administrator mode. I have tried unplugging from internet and all devices and restarting. Also used all the F keys and the Control, Alt. Delete keys and numerous other combinations. Help

    Computer will not boot up to administrator page for sign in and password. It goes to Guest page where I can browse the internet with Yahoo, but can not connect to Safari. It does not show Dock with Applications at all; therefore I can not access network settings or any applications to get out of this mode. I have disconnected every thing connected to the mini-mac and left over night before reconnecting. Same problem as before; then used all F buttons to try to recover factory settings, again nothing help ! Used various combinations of Escape, Delete, Control and Alternate keys. Held D key down while restarting computer and nothing has worked for me at this time. Any suggestions would be appreciated at this time!

    https://discussions.apple.com/message/17670442#17670442
    https://discussions.apple.com/thread/3909284
    http://apple.stackexchange.com/questions/95699/on-login-i-am-only-given-the-guest-user-option-how-do-i-log-into-my-account

  • Guest Mode for Airport Extreme   Edimax 3G 6200L

    Hello everybody,
    I've been dealing with this issue for some time now, and I can't seem to be able to sort it out, so I need your help.
    I live in a place where we have lots of guests, so I need to share with them my internet connection. I don't want them to have access to my network, so I would like to create a Guest network.
    My hardware is: a 3G Airtel dongle, an Edimax 3G 6200L router and an Apple Airport Extreme 5th generation. The internet comes through the dongle, I live in Africa and there is no other connection available right now. The dongle is connected to Edimax router, because Airport Extreme doesn't support usb connections.
    Then, the Edimax router is set to send internet via ethernet only (wifi is turned off to avoid interference). It is connected (via Ethernet) to the Airport Extreme, which is set to Bridge Mode. Airport Extreme creates and sends wifi signal.
    The problem is that I cannot set the Guest Network on the Airport Extreme. I know I have to change the Bridge Mode to DHCP or DHCP and NAT, but then the internet doesn't work at all and Airport Utility complains about double NAT.
    Can anyone please help me with the configuration? Is there something I must do on the Airport Extreme settings page? Is there something I need to change in Edimax settings page?
    Thank you in advance!

    This is going to be difficult.
    I think you will have to just test a couple of scenarios.. and you should start by saving the current configuration on both the edimax and the Apple Extreme. Just so you can easily revert if you need to.
    1. Do a test of the actual IP being delivered to your system.
    Check the edimax and find the WAN IP .. this is important as many ISP do not give public IP on wireless anyway. If this is the case you are probably wasting your time.. I would simply turn the wireless back on on the edimax and set it to isolation (if possible.. it is not in the manual for the 6200nl I downloaded).. you can set the wireless channel to say 1 and use the AE at 11 but leaving it at auto is usually fine. Use the wireless on the edimax as your guest wireless.. but to properly protect your computer files you may still need to set it to NAT.. and ignore the double NAT.
    2. Put the AE in the DMZ of the Edimax and ignore the double NAT.. this is better than the above.
    3. Turn off the NAT in the edimax
    There is no bridge mode mentioned in the manual for the Edimax.. so the only suggestion I can give is to try turning off the NAT in the edimax.. and set the AE to use dhcp for internet and dhcp and NAT for network.. reboot both edimax and AE and see what happens. The IP on the WAN must be different subnet to the IP on the LAN so if both end up 10.x.x x addresses you will need to move the LAN IP of the AE to some other range. .you do this via the dhcp setup .. which is very odd.

  • Stuck in guest mode

    cannot figure out how to sign back in to my account.  I'm stuck in guest mode

    Reboot and hold down the option key at the chime. If your startup volume ("Macintosh HD," unless you renamed it) appears in the list of available boot devices, select it and press return.

  • AIR-AP1142N-A-K9 configuration issue for guest ssid

    I'm trying to get the guest ssid working.  I was frustrated so saved my old config and wiped out everything on this AP.  Now my bvi1 does not come online.
    ap#sh ip int bri
    Interface                  IP-Address      OK? Method Status                Protocol
    BVI1                       192.168.2.249   YES NVRAM  down                  down    
    Dot11Radio0                unassigned      YES NVRAM  up                    up      
    Dot11Radio0.50             unassigned      YES unset  up                    up      
    Dot11Radio0.51             unassigned      YES unset  up                    up      
    Dot11Radio1                unassigned      YES NVRAM  administratively down down    
    GigabitEthernet0           unassigned      YES NVRAM  up                    up      
    GigabitEthernet0.50        unassigned      YES unset  up                    up      
    GigabitEthernet0.51        unassigned      YES unset  up                    up      
    ap#
    ap#sh int bvi
    *May  6 15:05:24.611: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]1
    BVI1 is down, line protocol is down
      Hardware is BVI, address is 003a.99eb.8d00 (bia b862.1fe9.9af0)
      Internet address is 192.168.2.249/24
      MTU 1500 bytes, BW 54000 Kbit, DLY 5000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input never, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         3 packets output, 180 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    ap#
    I have a private vlan 50 and the public vlan 51.  The private ssid seems to work and allow connectivity to the internet but I don't understand with the same configuration the Public ssid doesn't seem to work.
    I get this output when trying to connect with my cell phone. 
    *May  6 15:00:37.288: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:00:38.432: %DOT11-6-ASSOC: Interface Dot11Radio0, Station TYLOR-NB 9c4e.3617.483c Reassociated KEY_MGMT[WPAv2 PSK]
    *May  6 15:00:42.935: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:00:54.320: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   2c44.01c3.70a6 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:01:13.913: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:01:17.281: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:01:48.181: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:01:51.583: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    *May  6 15:02:22.500: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 847a.8835.4f22 Reason: Sending station has left the BSS
    *May  6 15:03:41.852: %DOT11-6-ASSOC: Interface Dot11Radio0, Station  847a.8835.4f22 Associated KEY_MGMT[WPAv2 PSK]
    SSID [PUBLIC] :
    MAC Address    IP address      Device        Name            Parent         State     
    847a.8835.4f22 0.0.0.0         ccx-client    -               self           Assoc    
    ap#
    ap#show run
    Building configuration...
    Current configuration : 2746 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname ap
    enable secret 5 $1$4jEJ$ajpjBvSx3DUhxyvLADj.91
    aaa new-model
    aaa authentication login default local
    aaa authorization exec default local
    aaa session-id common
    dot11 syslog
    dot11 ssid PRIVATE
       vlan 50
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 01150F035E050E0A2D
    dot11 ssid PUBLIC
       vlan 51
       authentication open
       authentication key-management wpa version 2
       mbssid guest-mode
       wpa-psk ascii 7 045D02010A2F444B05
    username Admin privilege 15 password 7 0526071D3545175840
    bridge irb
    interface Dot11Radio0
     no ip address
     no ip route-cache
     encryption vlan 50 mode ciphers aes-ccm
     encryption vlan 51 mode ciphers aes-ccm
     encryption mode ciphers aes-ccm tkip
     ssid PRIVATE
     ssid PUBLIC
     antenna gain 0
     mbssid
     station-role root
    interface Dot11Radio0.50
     encapsulation dot1Q 50 native
     no ip route-cache
     bridge-group 50
     bridge-group 50 subscriber-loop-control
     bridge-group 50 block-unknown-source
     no bridge-group 50 source-learning
     no bridge-group 50 unicast-flooding
     bridge-group 50 spanning-disabled
    interface Dot11Radio0.51
     encapsulation dot1Q 51
     no ip route-cache
     bridge-group 51
     bridge-group 51 subscriber-loop-control
     bridge-group 51 block-unknown-source
     no bridge-group 51 source-learning
     no bridge-group 51 unicast-flooding
     bridge-group 51 spanning-disabled
    interface Dot11Radio1
     no ip address
     no ip route-cache
     shutdown
     antenna gain 0
     dfs band 3 block
     channel dfs
     station-role root
     bridge-group 1
     bridge-group 1 subscriber-loop-control
     bridge-group 1 block-unknown-source
     no bridge-group 1 source-learning
     no bridge-group 1 unicast-flooding
     bridge-group 1 spanning-disabled
    interface GigabitEthernet0
     no ip address
     no ip route-cache
     duplex auto
     speed auto
     no keepalive
    interface GigabitEthernet0.50
     encapsulation dot1Q 50 native
     no ip route-cache
     bridge-group 50
     no bridge-group 50 source-learning
     bridge-group 50 spanning-disabled
    interface GigabitEthernet0.51
     encapsulation dot1Q 51
     no ip route-cache
     bridge-group 51
     no bridge-group 51 source-learning
     bridge-group 51 spanning-disabled
    interface BVI1
     ip address 192.168.2.249 255.255.255.0
     no ip route-cache
    ip default-gateway 192.168.2.1
    ip http server
    ip http authentication aaa
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    bridge 1 route ip
    line con 0
    line vty 0 4
    end      
    switch config:
    interface FastEthernet1/0/46
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 50
     switchport trunk allowed vlan 50,51
     switchport mode trunk

    Hi
    I know the bridge-group have to be identical to the sub interface number and vlan number
    This is true for all other vlans except for native vlan. For native vlan sub-interfaces bridge group number always should be 1. In your case, if vlan 50 is the native vlan (192.168.2.x/24 belong vlan) then configure bridge-group 1 under those .50 sub-interfaces. Then everything should work :)
    It is ideal if you could put AP management (BVI IP) into separate vlan & two user groups put vlan 50 & 51. Here is a sample configuration where vlan 110 is Mgmt & vlan 12,13 for user vlans.
    http://mrncciew.com/2012/10/24/multiple-ssid-config-on-autonomous-ap/
    HTH
    Rasika
    **** Pls rate all useful responses ****
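The rule given in this reply (the native-VLAN sub-interfaces belong in bridge-group 1) can be checked before a config is pushed. The following is an added example, not part of the thread and not Cisco tooling: it parses an autonomous AP config, lists native sub-interfaces whose bridge-group is not 1, and reports whether BVI1 has any member that is not shut down. The sample is a trimmed copy of the config posted above; function names are this example's own.

```python
import re

# Trimmed from the AP config posted above; only the lines the checks need.
AP_CONFIG = """\
interface Dot11Radio0
 no ip address
 ssid PRIVATE
 ssid PUBLIC
interface Dot11Radio0.50
 encapsulation dot1Q 50 native
 bridge-group 50
interface Dot11Radio0.51
 encapsulation dot1Q 51
 bridge-group 51
interface Dot11Radio1
 no ip address
 shutdown
 bridge-group 1
interface GigabitEthernet0
 no ip address
interface GigabitEthernet0.50
 encapsulation dot1Q 50 native
 bridge-group 50
interface GigabitEthernet0.51
 encapsulation dot1Q 51
 bridge-group 51
interface BVI1
 ip address 192.168.2.249 255.255.255.0
"""


def parse_interfaces(config):
    """Return {name: {vlan, native, bridge_group, shutdown}} per interface.

    Indentation is ignored, since pasted configs often lose it.
    """
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1), {
                "vlan": None, "native": False,
                "bridge_group": None, "shutdown": False})
            continue
        if current is None:
            continue
        m = re.match(r"encapsulation dot1Q (\d+)( native)?$", line)
        if m:
            current["vlan"] = int(m.group(1))
            current["native"] = bool(m.group(2))
        m = re.match(r"bridge-group (\d+)$", line)
        if m:
            current["bridge_group"] = int(m.group(1))
        if line == "shutdown":
            current["shutdown"] = True
    return interfaces


def native_bridge_mismatches(interfaces):
    """Native-VLAN sub-interfaces whose bridge-group is not 1."""
    return sorted((name, i["vlan"], i["bridge_group"])
                  for name, i in interfaces.items()
                  if i["native"] and i["bridge_group"] != 1)


def bvi1_has_active_member(interfaces):
    """BVI1 is the routed interface of bridge-group 1, so it needs a member
    in that group that is not shut down (general IOS IRB behaviour)."""
    return any(i["bridge_group"] == 1 and not i["shutdown"]
               for name, i in interfaces.items()
               if not name.startswith("BVI"))


def audit(config):
    interfaces = parse_interfaces(config)
    return {"native_mismatches": native_bridge_mismatches(interfaces),
            "bvi1_active_member": bvi1_has_active_member(interfaces)}


if __name__ == "__main__":
    result = audit(AP_CONFIG)
    for name, vlan, group in result["native_mismatches"]:
        print(f"{name}: native VLAN {vlan} is in bridge-group {group}, expected 1")
    if not result["bvi1_active_member"]:
        print("BVI1: no active interface in bridge-group 1")
```

Run against the posted config, both checks fire, which matches the BVI1 down/down state shown in the question.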

  • Can't get secure wlan to work with new guest wlan

    Dear Support,
    I'm having a nightmare! where I can seem to get either one wlan to work or the other but not both together.
    I posted previously and reconfigured as per the suggestion, however the problem I get is that the secure wlan client associates, then de-associates after roughly 30 seconds with both a guest (no security) and secure (eap using ms ias as radius server)
    my previous post is;
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Security%20and%20Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddcfe12
    and the log shows the following, obviously the client is set to connect automatically.
    *Mar 1 00:04:35.105: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:04:51.391: %DOT11-6-ASSOC: Interface Dot11Radio0, Station 000e.35f8.5d13 Associated KEY_MGMT[NONE]
    *Mar 1 00:04:51.506: %DOT11-4-MAXRETRIES: Packet to client 000e.35f8.5d13 reached max retries, removing the client
    *Mar 1 00:04:51.506: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 000e.35f8.5d13 Reason: Previous authentication no longer valid
    *Mar 1 00:05:15.176: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:05:32.703: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.cefd.48ca Reason: Sending station has left the BSS
    *Mar 1 00:05:58.780: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:06:16.141: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.cefd.48ca Reason: Sending station has left the BSS
    *Mar 1 00:06:40.759: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:06:58.145: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.cefd.48ca Reason: Sending station has left the BSS
    *Mar 1 00:07:00.560: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:07:18.020: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.cefd.48ca Reason: Sending station has left the BSS
    *Mar 1 00:07:43.902: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:08:01.254: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.cefd.48ca Reason: Sending station has left the BSS
    *Mar 1 00:08:16.172: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:08:16.737: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.cefd.48ca Reason: Sending station has left the BSS
    *Mar 1 00:08:37.397: %DOT11-6-ASSOC: Interface Dot11Radio0, Station AP-CDC#2 0013.cefd.48ca Associated KEY_MGMT[NONE]
    *Mar 1 00:08:54.732: %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 0013.cefd.48ca Reason: Sending station has left the BSS
    *Mar 1 00:08:57.193: %DOT11-4-MAXRETRIES: Packet to client 0013.cefd.48ca reached max retries, removing the client
    Thanks in advance for your assistance.
    Any prompt reply will be gratefully received. I also rate responses.
    Thanks again, regards, Adrian

    Hi Ben,
    Please find attached AP config, I can access the switch at the moment, but the config is fairly basic, trunk port with two vlans and vlan 1 as the native.
    here's the ap config.
    AP-CDC#2#sh startup-config
    Using 2989 out of 32768 bytes
    version 12.3
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname AP-CDC#2
    enable secret 5 $1$LQ1O$NKYZoYAeiahKw0805kLHg0
    clock timezone GMT 0
    clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 1:00
    ip subnet-zero
    ip domain name wlan.internal
    aaa new-model
    aaa group server radius rad_eap
    server 10.10.10.2 auth-port 1645 acct-port 1646
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization exec default local
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    dot11 vlan-name dmz vlan 2
    dot11 ssid Secure
    vlan 1
    authentication open eap eap_methods
    authentication network-eap eap_methods
    dot11 ssid Guest
    vlan 2
    authentication open
    guest-mode
    username Cisco password 7 062506324F41
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption vlan 1 mode wep mandatory
    ssid Secure
    ssid Guest
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    no preamble-short
    channel 2412
    station-role root
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface Dot11Radio0.2
    encapsulation dot1Q 2
    no ip route-cache
    bridge-group 2
    bridge-group 2 subscriber-loop-control
    bridge-group 2 block-unknown-source
    no bridge-group 2 source-learning
    no bridge-group 2 unicast-flooding
    bridge-group 2 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    hold-queue 160 in
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface FastEthernet0.2
    encapsulation dot1Q 2
    no ip route-cache
    bridge-group 2
    no bridge-group 2 source-learning
    bridge-group 2 spanning-disabled
    interface BVI1
    ip address 10.10.10.49 255.255.255.0
    no ip route-cache
    ip default-gateway 10.10.10.253
    ip http server
    no ip http secure-server
    ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
    ip radius source-interface BVI1
    radius-server attribute 32 include-in-access-req format %h
    radius-server host 10.10.10.2 auth-port 1645 acct-port 1646 key 7 xyz
    radius-server vsa send accounting
    control-plane
    bridge 1 route ip
    line con 0
    line vty 0 4
    end
    AP-CDC#2#
    Thanks again, regards, Adrian
