How-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device

Dear All
I have a 2504 Wireless Controller with multiple radios attached. I currently have a "private" WLAN configured (taking ip from windows server based DHCP of Range 192.1681.0/24 ) and working, but I need to add a Guest/Public WLAN which should take the IP from Other DHCP Configured on Fortigate UTM of range 172.16.0.0/24.
We have one SG300 switch in the office and the rest are basic switches.
Our firewall/router is a Fortigate UTM 240D
Find the attached network diagram for the issue.
Is there a SIMPLE way to enabling guest access that doesn't require VLANS (or are VLANS easier than I'm making them)? 
Thanks.
- See more at: https://supportforums.cisco.com/discussion/12473186/how-do-i-configure-guest-wifi-access-using-2504-wlc-fortigate-utm-l3-device#sthash.aj1XcWI0.dpuf

Complete these steps in order to configure the devices for this network setup:
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-vlan/70937-guest-internal-wlan.html
Configure Dynamic Interfaces on the WLC for the Guest and Internal Users
Create WLANs for the Guest and Internal Users
Configure the Layer 2 Switch Port that Connects to the WLC as Trunk Port

Similar Messages

  • How to configure the wifi access with specific time slot for kids?

    how to configure the wifi access with specific time slot for kids?

    Which model of AirPort base station do you have? Which version of OS X is your MacBook Pro running?
    Wi-Fi access can be limited using the Timed Access feature of the AirPort routers. You would do so using the AirPort Utility.

  • How can I set up a guest WiFi network using Time Capsule and Airport Express extension?

    How can I set up a guest WiFi network using Time Capsule and Airport Express extension?

    Sorry, but it is not possible to "extend" the Guest Network using either wireless or an Ethernet connection.

  • I'm suddenly unable to join my Airport network with my PowerBook G4.  I am able to access my network with all of my other devices.  How can I once again establish access using my PowerBook G4.

    I'm suddenly unable to join my Airport network with my PowerBook G4.  I am able to access my network with all of my other devices.  How can I once again establish access using my PowerBook G4?

    Bruce777 solved this for me, thank you Bruce! My printer now works perfectly on my new wifi network!
    Bruce's  instructions, for anyone else having the same issue:
    - delete any previously set up printers
    - scrub old hp software and update software to get the hp 2.8 drivers
    - remove the usb cable from the printer if you have one connected
    - reset the printer network to hpsetup (hold down the power button and press network button 2x and then cancel 3x, release power button.)
    - print out the wireless network test report (hold down the network button and press the update button 2x). verify the network name / ssid is hsetup
    - got to sys prefs > network and change the mac wireless network to hpsetup
    - go to the sys pref > print scan
    - add the HP 8000 printer
    - click on the options and supplies button and click on the Show Printer Webpage
    - click on the networking tab > wireless in the left pane > start network wizard and change the network from hpsetup to your network
    - finish (this page may freeze up.  close the browser)
    - go back to the sys prefs and change the wireless network back to your networt
    - go to the printer and print out the wireless network test report (press network button and update button 2x).  Check that the SSID is your network
    - go to sys prefs > print scan > select your printer > options & supplies > show printer webpage > network info (check ssid and compare to wireless network test report)
    - try printing something to your printer.  It might take a little time the first print.

  • How do I give my wife access to my iCloud documents?

    How do I gibe my wife access to my iCloud documents?

    You can share links to iCloud documents using the "Sharing Links" feature in iCloud,  see this help text:
    iWork: Sharing links to documents in iCloud - Apple Support

  • How would I contain guest Wifi network in firewall?

    I would like to implement a guest wifi network on my preexisting private network and can't figure out the security on my firewall. Currently the link connecting my private network to the internet is functioning fine and I really don't want to change this link into a trunk as I believe trying to reconfigure the trunk and security lists in the firewall would cause downtime. I would like to use a second interface on the firewall (5520 ASA with 8.2 software) as a trunk interface for my guest network and any other new VLAN in the future. My main concern is at the Core of my network the default gateway is the private IP for my internal firewall connection. If the guest network is connected to my core device going to the ASA, how do I specify a second default gateway on the core for the guest network on the ASA?
    After writing this I realized, what if i connected a switch directly to the second trunk interface on my ASA and then used this IP as the default gateway for the guest network? I believe this should work but this leads me to one more question:
    Say I wanted to allow my quest network access to a specific server on my internal network, would a proper configuration be to setup the ACLs on the firewall, allowing them to communicate to my inside network?

    Hi,
    Yeah I suppose changing the existing interface to a Trunk would not be possible without somekind of downtime unless you used an untypical configuration.
    Sadly, my personal knowledge of wireless networks and the devices is almost nonexistent as we have different people to handle setting up those.
    But I would imagine you can use a separate Vlan for the Guest Wifi and bring that Vlan to the new ASA interface only. If your actual core switch is doing routing, in other words if its acting as a L3 switch then you should probably add the Guest Wifi Vlan only as L2 to the core switch and configure it all the way to the new ASA Trunk. Default gateway as you say would be the IP address configured on the ASA itself.
    Controlling the traffic from the new interface on the ASA should be pretty simple.
    access-list GUEST-WIFI remark Allow traffic to internal server
    access-list GUEST-WIFI permit tcp host eq
    access-list GUEST-WIFI remark Deny All traffic to Internal networks
    access-list GUEST-WIFI deny ip any
    access-list GUEST-WIFI remark Allow All other traffic
    access-list GUEST-WIFI permit ip any
    access-group GUEST-WIFI in interface
    The above ACL first allows some traffic to a certain internal server with a certain service. It then blocks all other traffic to the internal network. Finally it allows all other traffic. That would be all traffic destined to external public networks.
    Naturally you would need possibly Static Identity NAT configurations (since you are using 8.2 software) to enable connections from the Guest Wifi to Internal network.
    - Jouni

  • How to set up guest wifi network on 1200 series APs with disclaimer web portal?

    I've been thinking about this one for awhile. I want to set up a guest wifi network without any security (AES / TKIP) that allows guests to connect. Ideally, their web browser would be redirected to a web portal containing legal disclaimers, and they would need to accept the terms and conditions to use the guest wifi. I would also like to have them be required to visit the web portal again every 8 hours after that to accept the terms and conditions again.
    I have a Cisco 1240AG access point already. What else do I need to make this work?

    I don't believe you can do this just with an AP running in autonomous mode you would need to have a WLC to configure the splash page.
    Have a look here:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70users.html#wp1049273
    Alternatively you can use software running on a PC/Server. Something like http://www.antamedia.com/hotspot/
    Hope that helps!
    Matty

  • How to properly configure a home network using both Mac and PC computers

    Is there a book or set of guidelines that can tell me how to properly configure (exact specifications) my computers in a home network? Here is what I am trying to do and using:
    1) Three computers: iMac (late 06 ver), Macbook (newest version), Dell laptop. The two Macs are using Leopard and the PC is XP.
    2) Bellsouth modem which feeds into the Airport Extreme Base Station (AEBS)
    3) The AEBS has a USB hub which is connected to a external hard drive and two inkjet printers. A third laser printer/scanner/fax machine is connected to the AEBS via ethernet.
    4) All three computers use a wireless connection to the AEBS.
    I would like the following:
    1) Have a secured and password driven network - don't want outsiders connecting to the nework without permission.
    2) All computers to be able to access the USB printers and ext HD.
    3) The two Macs to read/write to each other with password access
    4) The iMac to have read/write capabalities over the PC via VSFusion or Bootcamp if possible.
    Currently, all three have Internet access via the AEBS and can print on the ethernet printer. Both Macs can see the Bonjour USB printers and print (however they to do not display on the AEBS configuration display utility and neither does the ext HD). The USB ext HD is shown on the iMac desktop and I have access to it, but does not display on the MacBook. I have not checked if the PC sees the external HD and it really does not matter if it ever does, although it would be nice.
    I am hoping that there is some standard configuration that I can "cut and paste" that is generally used to allow a home network to share resources while still being secure.
    Any advice and help is greatly appreciated.
    Thanks,
    Andrew

    Andrew,
    What you would like is fairly complicated so this will probably be a lengthy post, but hopefully I can assist you.
    As others here have pointed out, networks can vary widely, but the best networks have one element in common: planning. The first thing you need to think about is how you would like all of these systems to cooperate. For instance, do you want one of the machines to serve files to the others and be a central repository, or are you just interested in having them share documents on occasion so that you don't have to carry around, say, a USB key all the time? That said, here is a basic list of things I think you should look into.
    1. Network Basics
    First step is to get your local network set up. I'd go for WPA or WPA2 wireless security as they are relatively strong standards and you can use human-readable passwords. Additionally, unless you have an explicit need for someone outside your network to initialize a connection (Windows' RDP for instance), do not allow any passthroughs or port redirects on your AEBS.
    2. Network Topology
    Decide how you want computers and networked devices to identify themselves and their relative locations in the network: in short, do you want static ip's or dynamic ip's? Most of the time, static IP's can be assigned on a DHCP router, the trick is to assign the statics higher than your number of devices (or lower on some routers - for instance Linksys routers start DHCP at 192.168.1.100 but you could have statics from 192.168.1.2 to 192.168.1.99). For instance, it is impractical to set a laptop to static because I'm often in coffee shoppes and other environments that assign via DHCP; on the other hand, it's a good idea to have a printer be static so that you always know where to find it. So, I have 10.0.1.x network (default on AEBS), and the printer is 10.0.1.24, since the likelihood of my encountering an IP conflict with 4 computers on the subnet is virtually zero. If you configure a static device behind your AEBS, defaults are usually
    Default Gateway 10.0.1.1
    IP Address 10.0.1.(your choice)
    Subnet Mask 255.255.255.0
    3. File-sharing.
    3a) Mac OS X has a built-in SMB/CIFS (Windows file & printer sharing protocol) client, and a basic SMB [samba] server can be enabled in the sharing preference panel (enable file and/or printer sharing). Windows XP can use these shares, but must authenticate. For that reason, you may not be able to see your shares in the Network Places browser, however you should be able to get to them by mapping the network drive (tools menu) or executing RUN with \\computer.name\share.name. You will then be able to type in your credentials. I would also suggest relatively simple names for the Macs in question (set in Sharing preference pane). Typing Andrew's-iMac-G4 in every time you want to find it will get irritating after a while to say the least, especially if you need to troubleshoot.
    3b) The reverse works similarly. You can Connect to Server... from Finder to get to the Windows shares. To do this you must have Windows File and Printer sharing enabled (most easily through the Network Setup Wizard in Control Panels - Use Classic View). It's really easy if your account names and passwords are identical on the Mac and PC, because when loading user profiles, the Mac will generally automatically try to authenticate against the Windows machine with your Mac logon credentials. (Windows seems to do this against the Mac as well) You can write an Applescript or there are some PLIST modifications you can make to mount Windows shares at login.
    4. Printing
    I'm not exactly sure what you had in mind here since I'm not sure what's connected to which computer or directly to the network. If it is possible, I personally find putting my printers directly on the network to be the easiest thing. Especially if printing large PDF or graphics files, the spooling on the host system can really slow the computer down, and slow down printing. For example, I used to have a laserjet on a Windows box and had to print a very large file. Going through a Win print server, it only printed a page every 30 seconds, but when I got a jetdirect adapter, the whole thing was done in under two minutes. If you have HP Printers, I would recommend the jetdirect print servers (I have used with both a laserjet and a supposedly unsupported color inkjet).

  • Guest Portal Access using ISE

    I’m having an issue setting up the Guest Port Access for our wireless network.
    I’m trying to setup an SSID anchored in the DMZ for internet access only. The authentication to this would be granted via the ISE Guest Access Portal.
    I’ve got the SSID created and tested working with no authentication.
    When I enable the Guest Portal (per these instructions http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml), I can login and create a guest account. Have the guest go to the portal, login, hit ‘I accept’, but then instead of redirecting them to whatever page they tried to access, it sends them back to the guest login page (with still no access to the network resources).
    Am I missing a simple setting somewhere? Please let me know if this should be reposted in the security/ISE forum instead of here.
    Thanks,
    Pete

    Is this related?
    11036
    ERROR
    RADIUS
    The Message-Authenticator RADIUS attribute is invalid.
    A RADIUS packet having an invalid Message-Authenticator attribute has been received. Make sure that the client device is compatible with AD Agent, has been configured properly, and is functioning properly. Make sure that the same RADIUS shared secret has been properly configured, both in the client device and in AD Agent.
    Reference: http://www.cisco.com/en/US/docs/security/ibf/setup_guide/ibf10_log_msgs.html

  • How to reset password on wifi to use facetime

    how can i reset my password in wifi to use facetime?

    To reset stored WiFi passwords on your phone: Settings>General>Reset>Reset Network Settings.

  • How do i configure telnet service to use a specific port number

    How do I configure a specific port number to the telnet service other than the default port number.  I opened /System/Library/LaunchDaemon/telnet.plist with XCode but it won't let me modify the port number.  Is there another place / item that I need to go to?

    Telnet is obsolete and insecure. Use ssh instead.

  • How old is the 1142 wifi access point?

    How long was the Aironet 1142 wifi access point in production? When was it first available for purchase?

    Few details are over here
    http://www.cisco.com/c/en/us/products/wireless/aironet-1140-series/eos-eol-notice-listing.html

  • WRT54G configuration for internet access using Lacie Network Space Max

    Please HELP!!!!
    I have tried for the past 2 weeks trying to configure my router WRT54G so it allows me to access the Lacie over the internet without luck. I have followed every instructions from Lacie and every other FAQs and help on the internet, still no luck. I have spent numerous days with Lacie tech support and they could not figure it out - why my router would not allow me access over the internet. I am hoping that the big guns here can help me.
    I have a number of laptops connected wirelessly to my local network and every laptop can access the Lacie NAS hardwired to one of the ports on my router. My entire system works wonderful locally.
    The Lacie has been assigned a static IP of 192.168.1.199
    My local network has a starting IP of 192.168.1.150 and ends at 192.168.1.199
    My router's IP is 192.168.1.99
    I have assigned port forwarding for my Lacie (192.168.1.199) for ports
    20, 21, 25, 80, and 443.
    I have tried other setups but no help. Please help!!!
    Happy New Year!!!
    Solved!
    Go to Solution.

    Scrooge... thanks!
    My NAS has ftp enabled. Access to the network is excellent throughout my local network. Every PC, wirelessly, can access everything on the NAS without any problem. Even when using the web browser using the IP or the dyndns.org assigned to the NAS. (I signed up for a free dynDNS)
    The NAS can be accessed throughout the local network using explorer (under the network directory) and also by mapping the drive. The NAS can also be access using the web browser by either through its assigned IP (192.168.1.199) or by using the NAS's dyndns.org web address (web access requires login since it accesses the Network Space Max web page) - both by http and/or by ftp
    My problem is accessing it through the internet outside my local network, i.e. from my work place or any other place away from home. The ability to access my data away from home is what I really wanted to be able to do.
    "Open the setup page of the router and go to Status tab. Note down the Internet IP address.
    Open the Internet browser and in the address bar type http://Internet_IP_address:21 or ftp://Internet_IP_address .
    See if that works for ftp server."
    Using the router's IP address for both format, http and ftp - I am not getting connected, even in my local network. Using NAS's static IP 192.168.1.199, I am able to access only using the ftp format. http://192.168.1.199:21 does not take me anywhere, but without the :21 takes me to the login page.
    Again, thanks for all  your help.... I am lost and I need your HELP!
    v/r,
    abelts

  • How to play movies without wifi access

    How to play movies without wifi access

    Not sure what you mean by this?  If you've downloaded a Movie, then it will be installed on your iPad (if downloaded to your iPad of course) and it will play from the iPad as is.
    If this doesn't help, please provide more info about what you are trying to do.
    Regards,
    Steve

  • How can I fix my wifi access on my iphone 4s?

    My wifi access button is greyed out, so I can't access wifi.

    Hi olsenj1946,
    If you are having issues with a greyed out or unresponsive WiFi control on your iPhone, you may find the following article helpful:
    iOS: Wi-Fi settings grayed out or dim
    http://support.apple.com/kb/ts1559
    Regards,
    - Brenden

Maybe you are looking for