Guest network and multiple VLANs

Hello all,
I have installed a pair of 5508 controllers in our network. One controller sits inside the network and APs are configured to associate with that controller. The second controller sits on a DMZ interface off the ASA. I have a guest network configured and it works great. I would like to configure additional guest networks at remote locations. Each guest WLAN will have it's own SSID. Is it possible to map all of these to the same VLAN? Or do I need a seperate VLAN and subnet for each SSID.
Thanks

Scott,
Thanks for the reply. I have created different SSIDs and mapped them to the same VLAN. Everything looks good but I'm getting some strange behaviors on the new SSIDs. It appears that users don't authenticate but I've verified the credentials quite a few times. I wanted to make sure that you could map multiple SSIDs to the same VLAN before I continued troubleshooting.

Similar Messages

Lost my guest network and VOIP is no longer....

Hello peeps,
So, this is what I DID have going on (sorry for any incorrect terminogly, I'm not overly techi)..
Centurylink Lynx 220 modem, 3rd gen TC linked to that and from the TC I HAD my VOIP (voice over internet phone?) working just fine. 2 wireless networks, one as the household main and a guest network for......... well, guests lol..
I have been spending a massive amount of time on the phone with centurylink just of late, we pay for 8meg downloads butwhen doing speed tests we were lucky to get 1meg. So, we got a new modem....
and this is what I have NOW....
Westell 7500 Modem, 3rd gen TC linked to that, bloody VOIP is NOT working, LOST my GUEST network and for love or money I can't add another one, that option seems to have completely gone AWOL.....
On the plus side, speed test now shows 7meg of download speed..
Any idea on what has changed? other than the modem change?? could that of made that difference? Any idea on how to get my life back??
We love the option of the guest network as we can turn it on and off for my Son.. Good boy = ON Bad boy = OFF haa haaa haaa how I love that power
Any info would be great.. Thank you

Guest network apparently.. (I haven't tested) does not work in bridge mode on the TC.
https://discussions.apple.com/message/12853944#12853944
As that is the case you must run the TC as a router. Update to latest firmware and latest utility if not already maybe a help.. or a hinderance if you are already there.. visa versa .. go backwards.. Apple don't get them right all the time.
Secondly the modem should be in bridge and using PPPoE client on the TC so it is a full router. This may solve the voip issue as well since your modem may not be setup correctly for voip.

Multiple scopes and multiple VLANS

What am I missing her, probably a lot? Goal: Create 3 scopes within WS 2012R2. 1. Default network (192.168.1.0…Range .100-.254) 2. Network for IP Camera system (192.168.2.0…Range .100-.254) 3. Guest Network (192.168.3.0…Range .100-.254).
Scopes are already created and the default network is operational.
Equipment: WS 2012R2(DNS 192.168.1.5), Cisco RV042(Internet Gateway 192.168.1.2), Qty. 2 ISP’s modems bridged feeding the RV, Cisco SF200-24FP (192.168.2.1 Poe for IP cams), Netgear JGS524E (Not Managed, Default network switch).
Configuration: the RV is checked as a gateway, with multiple subnets engaged and the subnets have been added. DHCP Relay is engaged and pointed at the DNS Server IP. Port configuration: Ethernet Ports 1&2 VLAN1, Port 3 VLAN2,
Port 4 VLAN3.
Problem: When I connect PC to either VLAN 2 or 3, I do not get a DHCP of 2.100, or a 3.100 I get a 1.100.
Basically why does the server not issue the proper IP when I am connected to VLAN 2 or 3?
So if I static my machine to 2.100 with gateway 192.168.2.1, and DNS 192.168.1.5 I connect to the network, cannot surf and get error “cannot communicate with primary DNS server 192.168.1.5”. In closing how does the server know that IP range
2.100-.254 is suppose VLAN 2?

Hi,
Please try to perform a network capture on the DHCP server.
We can check the giaddr field in the DHCP DISCOVER message. This field contains the Relay agent's IP address, DHCP server uses this field to find the suitable scope for the client. This field should be set to the IP address of the VLAN interface.(The
gateway of the VLAN).
If this field is set to any IP address in subnet 192.168.1.0, the client will get the IP address from your fist scope.
If this field is set correctly, please check if there is any related warning in the event viewer of the server.
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

The same network and id vlan in different contex in the same ACE

Hello,
I want to know if I can create 2 context in an ACE with the same ID Vlans that other context and this can be in the same network, in the configuration I explain.
Best Regards
++++++++Switch C6513++++++++
svclc multiple-vlan-interfaces
svclc module 6 vlan-group 100
svclc module vlan-group 100 60,233
vlan 60
name inside
vlan 233
name outside
interface vlan 233
ip address 10.24.16.1 255.255.255.0
no shutdown
++++++++Context Admin++++++++
hostname ACE-MOD6
ft interface vlan 350
ip address 10.24.15.34 255.255.255.248
peer ip address 10.24.15.33 255.255.255.248
no shutdown
ft peer 1
heartbeat interval 200
heartbeat count 20
ft-interface vlan 350
ft group 1
peer 1
priority 200
peer priority 150
associate-context Admin
inservice
context SERV1
description SERV1
allocate-interface vlan 60
allocate-interface vlan 233
context SERV2
description SERV2
allocate-interface vlan 60
allocate-interface vlan 233
ft group 2
peer 1
priority 200
peer priority 150
associate-context SERV1
inservice
ft group 3
peer 1
priority 150
peer priority 200
associate-context SERV2
inservice
++++++Contex SERV1++++++
interface vlan 60
ip address 10.24.8.5 255.255.255.0
no shutdown
interface vlan 233
ip address 10.24.16.5 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.24.16.1
++++++Contex SERV2++++++
interface vlan 60
ip address 10.24.8.6 255.255.255.0
no shutdown
interface vlan 233
ip address 10.24.16.6 255.255.255.0
no shutdown
ip route 0.0.0.0 0.0.0.0 10.24.16.1

Sharing Vlans is possible in routed mode.
Its not possible when ACE is operating in Bridge mode.
You need to use unique IP addresses in each context for shared vlans.
Also make sure to use " shared-vlan-hostid " command.
When contexts share a VLAN, the ACE assigns a different MAC address to the VLAN on each context. The MAC addresses reserved for shared VLANs are 0x001243dc6b00 to 0x001243dcaaff, inclusive. All ACE modules derive these addresses from a global pool of 16k MAC addresses. This pool is divided into 16 banks, each containing 1,024 addresses. An ACE supports only 1,024 shared VLANs, and would use only one bank of MAC addresses out of the pool.
By default, the bank of MAC addresses that the ACE uses is randomly selected at boot time. However, if you configure two ACE modules in the same Layer 2 network and they are using shared VLANs, the ACEs may select the same address bank and use the same MAC addresses. To avoid this conflict, you need to configure the bank that the ACEs will use. "
Above paragraph & More details at
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A2/command/reference/config.html#wp1447465
Syed Iftekhar Ahmed

NAC Guest Server and Multiple Guest SSID's/Splashpages

Hi All,
If I have multiple guest SSID's on a single controller and I use NGS as the Radius. How do I configure NGS to "send" the clients to differnet login pages corresponding to the SSID they came from.
I can configure different splash pages in HotSpots section but how do I map the different SSID's from the controller to the different splash pages. Then I guess that raises the question when I generate guest users on NGS is it possile to only allow them associate to a specific SSID.
TIA,
Eoin.

Hi Nicolas,
Thanks for the reply. I can see that config on the WLC and have used it before where there is only a single guest SSID. What I dont know is if the NAC Guest server sees radius requests coming from different guest SSID's on the same WLC. How does the NAC Guest server apply the correct guest policy to that user. And when sponsors genereate guest accounts how do they specific which policy is to be applied to that guest so it can only get access to a specfic guest network/SSID I'm not sure where the "mapping" of accounts/splash pages/policies takes place on the NAC guest server. I've only ever set up NAC Guest when there has been a single guest SSID.
Regards,
Eoin.

HOW TO CONFIGURE GUEST NETWORK AND LIMITE BANDWIDTH

Dear all,
Please help me how to configure internet access rule and limited the bandwidth for guest network via TMG Forefront 2010.
Thanks you & best regards,
Hung Viet

Hi，
First you can create the new network set which is mapped to guest subnet, after that you can create access rule for this network set.
If you want to control bandwidth, you may need 3-party tool like this:http://www.bsplitter.com/
Best Regards
Quan Gu

Guest Network and iTunes DJ

Is it possible for users connected to the guest network to use iTunes DJ for an iTunes library which is on a Mac connected to the main network?

The MAC address filtering is for the main wireless network and not for the guest network.
The guest network is different from your private wireless network. This is very convenient especially if you always have guests in your home who would like to access the Internet.
When guests connect to the Guest network, they can connect to the Internet but will not have access to computers and devices which are connected to your Valet or Linksys Wireless-N Router. The Guest network is a virtual network within your private network.
The Guest network operates on a different IP address range (192.168.33.x). This allows your guests to connect to the Internet without becoming a part of your private network.
The guest will need the password to the network if they want to access the Internet.

Guest network and bridge mode

Hi,
my question is, why my guest network doesn't works, if my TimeCapsule works in the bridge mode?
Someone an idea?
Thanks
Albrun

From the latest airport utility and firmware it does work.
I run the TC in bridge and setup the guest to try it.. seems to work for me.
I know there are other issues with using these .. perhaps that is what you mean.. but it does work.

ARD 3.1 on a Cisco network with multiple VLANs

I really hope someone can help me with this one because it's giving me all sorts of headaches.
I manage all the IT for a large elementary school. We have Macs all over the building. (unfortunately many are still OS 9 Macs) As we replace and add new machines we have some that are wired in the network and some that are wireless. This is creating a rather messy issue with ARD. The backend of our network is running Cisco hardware. Our networking department has split our wired and wireless network on to separate VLANs. If I connect wirelessly to the network from my laptop, I can see the wireless Macs. If I connect through a wired connection I can see the wired machines. If I have both turned on, I tend to get problems with ARD freezing up when it tries to scan the local network. If I scan the wired network and switch to a wireless connection, everything works until the DHCP lease expires on the machines overnight and they get new IP addresses. I'm pretty sure this has to do with Bonjour and mDNS.
Can anyone tell me what information to provide my networking department to get Bonjour and mDNS working across these two VLANs. We have a great networking department but Bonjour and mDNS is not something they deal with much and they aren't Mac fans so this gets put way on the back burner.

I really hope someone can help me with this one because it's giving me all sorts of headaches.
I manage all the IT for a large elementary school. We have Macs all over the building. (unfortunately many are still OS 9 Macs) As we replace and add new machines we have some that are wired in the network and some that are wireless. This is creating a rather messy issue with ARD. The backend of our network is running Cisco hardware. Our networking department has split our wired and wireless network on to separate VLANs. If I connect wirelessly to the network from my laptop, I can see the wireless Macs. If I connect through a wired connection I can see the wired machines. If I have both turned on, I tend to get problems with ARD freezing up when it tries to scan the local network. If I scan the wired network and switch to a wireless connection, everything works until the DHCP lease expires on the machines overnight and they get new IP addresses. I'm pretty sure this has to do with Bonjour and mDNS.
Can anyone tell me what information to provide my networking department to get Bonjour and mDNS working across these two VLANs. We have a great networking department but Bonjour and mDNS is not something they deal with much and they aren't Mac fans so this gets put way on the back burner.

WRT1900AC - WPA2 on Guest Network and Setting Domain Name

I'm configuring a new WRT1900AC (version 1) and have a couple of questions. The first should be easy, on the Connectivity -> Internet Settings page on the right side under the heading Optional the Domain Name (provided via the DHCP server, Comcast in this case) is displayed, but I cannot change it. How do I set the Domain Name to reflect my local domain? The second question is a bit more daunting. I have two main wifi segments (one each on 2.4Ghz and 5Ghz) that are each secured by WPA2. They work great so far. I also have two Guest wifi segments (one each on 2.4Ghz and 5Ghz), I cannot figure out how to secure these with WPA2. You can set a passwword for each of the Guest wifi segments, and instruct users to open a web browser after connecting and enter this password, but that's not a secure connection. Please tell me there is a way to secure the Guest network via WPA2, nobody wants to use an insecure internet connection in this day and age...... -MC

That's exactly why you want the connection encrypted, so EVERYTHING you send is encrypted and not sniffable. The intended use of this Guest network is for renters at a condo resort, who will likely be doing banking and the like while on vacation. If we only provide an open/unencrypted network for them they can't (or at least shouldn't) use it. I have a Netgear R7500 in place right now, it doesn't have any of these problems (e.g. you can specify the domain name even on with a dynamic WAN IP, and all 4 network segments are WPA2 encrypted). Unfortunately, it's totally unreliable - the 4 network segments randomely disappear and stop working all the time, and the signal range is poor. I "downgraded" to this 1900AC because this router has a better reputation for stability and range (and indeed, I've been testing it for several days now and stability and range seem to be its strong points, not a single problem so far), but these firmware decisions by Linksys are forcing me to reconsider this router. -MC

E4200: guest networking and MAC filter

Hi there,
I have my e4200 setup with guest networking enabled and also MAC filtering. Somehow i was epxecting MAC filtering not to be applied to guest wireless network but it appears to be so.
Can anybody please confirm if this is the case and if there's a workaround?
Solved!
Go to Solution.

You are correct. MAC filtering is universal in the router. There is no workaround besides not using it.

Guest networking and mac filtering

I have a dual band airport extreme that I've purposfully kept at an old firmware revision because I have mac filtering enabled and also want to have guest network enabled. Somewhere around version 7.5 a bug was introduced that applied the mac filtering to both the private and guest SSID's. I found a number of posts from back then about it, but can anyone tell me if it has since been corrected in the more recent releases?
Thanks
Matt

Somewhere around version 7.5 a bug was introduced that applied the mac filtering to both the private and guest SSID's. I found a number of posts from back then about it, but can anyone tell me if it has since been corrected in the more recent releases?
No. For what it's worth, Apple Support does not call it a "bug". They call it a "feature".

Wireless and guest network and HREAP

Hi,
I have inherited a wireless infrastructure which comprises of a head office with WCS and WLC plus LWAPP access points.
There is a sub office in another town who wishes to deploy a wireless infrastrucure and it struck me that as they only want to deploy a couple of AP's that HREAP would be good to use in this senario.
However they want to also use the guest wireless network that we have in the head office but I dont want their guest traffic to come to our DSL modem that we have set up for the HO guest wireless. The two offices are connected via an MPLS link which doesnt need anymore traffic on it.
Is there a way of configuring the HREAP and the WLC and WCS so that the sub office breaks out locally for guest and yet the lobby admin at HO can control the password?
Many thanks,

Hi Nell,
the feature you are looking for is "H-REAP local switching".
So you can set the remote AP to H-REAP mode (which optimizes it for "behind a WAN link") and from there you can set several ssids as "local switching".
this means that everything about the authentication phase is handled by WLC but after authentication, the traffic is dropped locally at the AP and doesn't transit through the WLC.
The guest SSID has to be enabled for local switching and then, on the H-REAP APs, go in the AP configuration (from WLC "wireless" tab, then click on ap) and in the hreap tab, you can configure the vlan where the guest traffic will be dropped on the remote site. It must be a vlan that exists on the remote site and users will get a DHCP address on that vlan.
Regards,
Nicolas

Home Networking and Multiple Router Set up Problem

Router 1 (Main Access Point)
        X
(Routers 1 and 2 connected via a wireless bridge)
Router 2 (Wired Access Point)
    X
(Router 2 and 3 connected via a wired bridge)
Router 3 (Wired & Wireless Access Point)    Note:broadcasting under a different SSID
         X
Problem:
When I set up a wireless and wired bridge my Internet connection works perfectly and I can connect to the second SSID. If, however, I close out of my browsing session and come back to my laptop several hours later and open a browser, I get the “webpage cannot be displayed” message.
I suspect this has to do with IP addresses changing from the main router after a certain amount of time.
What could be causing this?
What can I do to stop this from happening?
Thanks for any help
EML

Running multiple router behind router can be tricky and may be the cause of your dropouts if you don't have it configured properly.
Cisco recommends using your best router as your primary router and DHCP server.
The best way to setup for home networks, in my opinion, is to use only one router, and put the other router(s) in bridge mode. Also, make sure your modem is not a router too.
http://www6.nohold.net/Cisco2/GetArticle.aspx?docid=28cee6a2fb0d4176a2210942d1d5836c_Setting_up_the_...
http://homecommunity.cisco.com/t5/Wireless-Routers/Guest-access-never-displays-password-prompt-on-EA...

Open Guest Network and DHCP utilisation

For guests to be able to easily access our wireless network, the Layer 2 security is Open, with Web Authentication implemented at Layer 3.
The problem I have is with having no layer 2 security (open), is that my dhcp pool is utilised by devices that may never authenticate. It becomes more of a problem if the DHCP pool is associated with DMZ Public addresses...
Is there anyway of moving the client to a different DHCP pool after web authentication? (ie. from a Private pool to Public pool).
I can see from the documentation that Dynamic VLAN assignment is not possible with web authentication :(

In the case of DHCP, a DHCP server must be available locally and must be able to provide the IP address for the access point at bootup.
http://www.cisco.com/en/US/docs/wireless/wcs/4.0/configuration/guide/wschreap.html

Guest network and multiple VLANs

Similar Messages

Maybe you are looking for