Internal Corporate wireless and guest wireless network

Similar Messages

• Can you help resolve a "Go Wireless" and Verizon Wireless issue?

  How do you file a complaint against "Go Wireless" and Verizon wireless?  It was partially my mistake because I didn't realize that Go Wireless charges a premium for their service.  That said, I was informed by the sales person that I could get the $150 bill credit per phone line I ported over, and a $200 visa card for each smart phone I turned in.  That's $350 for each phone in credits..  This seemed like a great deal, so I purchased 3 phones, samsung galaxy 5.  I paid a $50 premium per phone to buy them from the store (note..there are NO PRICES listed, you have to rely on what the sales persons quotes you). I also paid a $20 per phone "set up" fee and a $10 sim card fee.  Again, I take responsibility for not asking if other verizon stores charged these additional fees. HOWEVER, when I was told to go to the corporate verizon store to get the envelopes for to turn in the smart phones for the $200 per phone credit - this was not my lack of research.  I did go to the corporate office and was told that the $200 offer had ended 7 days ago.  I went back to "Go Wireless" and the store manager told me that the employee was misinformed and was working off a quote sheet that was out dated.  Ok, now you'd think they'd offer something to fix their "mis-informed" employees mistake.  No, they said there was nothing they could do.  I could return each phone for an additional stocking fee of $35, and cancel my plan.  So, here I am...paid a premium for the phones, was "misinformed" by a store agent who was working off an outdated specials sheet, and my only recourse is to pay $105 to return the 3 phones.  Something isn't right here.  Verizon won't do anything, Go Wireless won't do anything.  Any suggestions?

  My girlfriend had a similar issue because her new device was not updated to IOS7 when she turned it on, but her backup point was created using IOS7.  Check to be sure the restore point was created and then factory reset the phone after you have updated to 7. 

• VLAN Configuration for Internal and Guest Wireless

  Hello,
  We are using the following hardware…
  SG300-52MP switch -- latest firmware
  ASA 5512-X firewall -- 9.1
  Aironet AP1131AG WAP
  We have the following networks…
  10.252.4.0/24 = Internal = ASA-01 interface = VLAN1
  10.252.6.0/24 = Guest = ASA-02 interface = VLAN6
  10.252.6.0/24 = VOIP = ASA-03 interface = VLAN3
  The Aironet supports two SSIDs, Secure (RADIUS) and Guest (WPA2), which are supposed to provide access to the appropriate interface on the ASA.
  Relevant parts of the WAP configuration are…
  dot11 ssid GUEST
     vlan 6
  dot11 ssid SECURE
     vlan 1
  interface Dot11Radio0
  no ip address
  ssid GUEST
  ssid SECURE
  interface Dot11Radio0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  interface Dot11Radio0.6
  encapsulation dot1Q 6
  no ip route-cache
  bridge-group 255
  interface Dot11Radio1
  no ip address
  no ip route-cache
  ssid GUEST
  ssid SECURE
  interface Dot11Radio1.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  interface Dot11Radio1.6
  encapsulation dot1Q 6
  no ip route-cache
  bridge-group 255
  interface FastEthernet0
  no ip address
  no ip route-cache
  interface FastEthernet0.1
  encapsulation dot1Q 1 native
  no ip route-cache
  bridge-group 1
  interface FastEthernet0.6
  encapsulation dot1Q 6
  no ip route-cache
  bridge-group 255
  interface BVI1
  ip address 10.252.4.4 255.255.255.0
  no ip route-cache
  ip default-gateway 10.252.4.1
  We can manage the WAP through it’s Internal IP address (10.252.4.4).
  And the “Guest” wireless network is working -- connecting to that SSID provides the client with the correct IP addressing (10.242.6.X from VLAN6/ASA-02).  [Note:  the VOIP DHCP and network access also works correctly.]
  The “Secure” wireless network is not working however -- the client never receives an Internal DHCP address from ASA-01, and even if you hard-code the client’s IP, no IP4 traffic ever passes.
  [Note:  connecting a device to a SG300 port with the “Default” configuration provides the client with an Internal DHCP configuration, and it works as intended.] 
  While this may be a problem with the WAP configuration, I would like to confirm that it is not an issue with the switch not passing traffic correctly.
  I have a feeling that I have configured the VLANs on the ports incorrectly.
  Relevant parts of the SG300 configuration are...
  v1.3.0.62 / R750_NIK_1_3_647_260
  vlan database
  vlan 3,6
  ip dhcp snooping
  ip dhcp relay address 10.252.4.1
  ip dhcp relay enable
  bonjour interface range vlan 1
  interface vlan 1
  ip address 10.252.4.2 255.255.255.0
  no ip address dhcp
  interface vlan 3
  name VOIP
  interface vlan 6
  name Guest
  interface gigabitethernet45 -- Access mode, Untagged VLAN6
  description ASA-Guest
  ip dhcp snooping trust
  switchport mode access
  switchport access vlan 6
  interface gigabitethernet46 -- Access mode, Untagged VLAN3
  description ASA-VOIP
  ip dhcp snooping trust
  switchport mode access
  switchport access vlan 3
  interface gigabitethernet47 -- Trunk mode, Untagged VLAN1 and Tagged VLAN6
  description WAP1
  switchport trunk allowed vlan add 6
  interface gigabitethernet48 -- Trunk mode
  description ASA-Internal
  ip dhcp snooping trust
  ip dhcp relay enable
  Can someone who understands this switch better than I do please confirm the VLAN configuration?  THANK YOU!

  Welcome to the discussion area!
  +PCI regulations do not consider VLAN a secure way of keeping the data isolated. Does anyone have any technical information on how the device creates the guest wireless network ?+
  I spoke to Apple Support some time ago and was told that Apple uses VLAN to create the Guest network, and also that formal documentation was not available on this topic. I was referred to the AirPort Extreme Specifications for available information.
  This was some time ago, so if you need more up to date info, you might want to try to contact Apple to see if they are willing to share more information about this feature. Although, since VLAN is used, your question may already be answered.
  FWIW, to use the Guest Network feature in a home situation, the AirPort Extreme must be set up as the main router controlling DHCP and NAT on the network. If you were thinking of installing the AirPort Extreme behind another router, the Guest Network feature would not be available in this type of configuration.

• Wireless and guest network and HREAP

  Hi,
  I have inherited a wireless infrastructure which comprises of a head office with WCS and WLC plus LWAPP access points.
  There is a sub office in another town who wishes to deploy a wireless infrastrucure and it struck me that as they only want to deploy a couple of AP's that HREAP would be good to use in this senario.
  However they want to also use the guest wireless network that we have in the head office but I dont want their guest traffic to come to our DSL modem that we have set up for the HO guest wireless. The two offices are connected via an MPLS link which doesnt need anymore traffic on it.
  Is there a way of configuring the HREAP and the WLC and WCS so that the sub office breaks out locally for guest and yet the lobby admin at HO can control the password?
  Many thanks,

  Hi Nell,
  the feature you are looking for is "H-REAP local switching".
  So you can set the remote AP to H-REAP mode (which optimizes it for "behind a WAN link") and from there you can set several ssids as "local switching".
  this means that everything about the authentication phase is handled by WLC but after authentication, the traffic is dropped locally at the AP and doesn't transit through the WLC.
  The guest SSID has to be enabled for local switching and then, on the H-REAP APs, go in the AP configuration (from WLC "wireless" tab, then click on ap) and in the hreap tab, you can configure the vlan where the guest traffic will be dropped on  the remote site. It must be a vlan that exists on the remote site and users will get a DHCP address on that vlan.
  Regards,
  Nicolas

• Streaming media between xbox360(wireless) and pc (wireless) using WRT54GC

  Help needed please!
  Is it possible to stream media wirelessly  between an xbox360 (wireless setup) and pc (wireless) using a Linksys WRT54GC (Ive got both units connected to the Internet  and working fine at the same time)?
  Thanks in advance

  thats posibble.
  u'll have to configure the adapter on the computer and xbox in ad-hoc mode.
  C | EH
  linksyshelp.blogspot.com

• Officejet 6000 wireless and WPA2-Enterprise network security

  I own an Officejet 6000 wireless printer. The manual says that it should be compatible with a wireless network with WPA2-Enterprise network security but when setting up the connection (I am using a macbook and am setting the printer up via usb connection) the newtork is listed but the security type is "unsupported." For whatever its worth it is listed 5 or 6 times but probably thats a different issue.
  I can still select the right network but it only asks for a security key, but my network security requires a log-in name and password.
  What can I do to get my printer connected to the network?

  I get the feeling that most of the people replying here don't know the difference between WPA2-Personal and WPA2-Enterprise.
  Personal has a passkey.
  Enterprise uses both a username and password, usually in conjunction with a Radius server (802.1X athentication).
  What we've had to do solve this problem is create a second SSID on the network that authenticates on WPA2-Personal. We use a really long password to secure the network, one that I will never be able to memorize in my lifetime.
  All we can hope for is that these enterprise-level vendors will, perhaps, gain a greater understanding of wireless authentication processes and the needs of actual enterprise customers who at least a percieved need for wireless printer capabilities. It used to be that customer was always right, though. Perhaps those days are gone...
  The other problem that probably ought to be addressed on consumer end is the fact that multicast tools that make AirPrint work (such as Bonjour), are being blocked from crossing between your wired and wireless networks, perhaps by the wireless controller or due to inefficient routing hierarchy or NAT/PAT issues. Solve this issue and you won't have a need for wireless printers.

• How does does Wireless and a Wireless card work?

  I bought an imac G5 1.8ghz We already have a BT wireless connection and I want to hook up to that. I gather that I need an airport card but I'm not sure how to insert a card into the machine there is a CD portal and ones for USB as well. How does this wireless business work and what do I need for my machine running Tiger 10.4.11?

  The AirPort Extreme card appears to be the correct product
  but you should be able to tell from some of the Apple Support
  information in the form of their product support page for your
  specific computer model. The main support section has a side
  bar menu of products and if you find iMac G5, then look into it
  further, you can identify what exact model iMac G5 you have.
  {+If you have looked under the Blue Apple in the Finder menu bar+
  +and chosen About this Mac> more info> System Profiler> then,+
  +look under Network> Airport card, you can see if one is installed+.}
  There are manuals, instructions and other info available, too.
  The manual to install the physical AirPort Extreme card is in
  the manuals link in the iMac G5 page in Apple Support.
  Since there were a few different models of iMac G5, you should
  be sure to get the install instructions that match your computer.
  The card itself could be used in many different Mac models, so
  it will NOT have installation instructions with it for your iMac G5.
  {The hardware installation is the point of reference here; not the
  CD software, which very likely is outdated and not needed at all.}
  Apple - Support - iMac G5 models:
  http://www.apple.com/support/imac/g5/
  Apple - Support - Manuals:
  iMac models (from newer Intel, on back to older)
  http://support.apple.com/manuals/#imac
  Since the iMac G5 (PPC) and iMac (Intel) look similar, you
  will have to identify your computer in the G5 category to
  be able to get the correct AirPort installation instruction .pdf.
  How to Identify your iMac (note three designs)
  http://support.apple.com/kb/HT1463
  The software CD included with that older Airport Extreme package
  will likely be older than your OS X version in the computer now.
  {So, you will NOT need to install that software to use the AirPort card.}
  Examples of .pdf download manuals on how to install an Airport card
  are as follows (these are actual links to these manuals.) +So, these may+
  +not be for your specific iMac G5 computer.+ To be sure, use Identify page.
  • _iMac G5 20-inch_ AirPort Extreme Card Replacement Instructions (Do It Yourself Manual)
  iMac G5 AirPort Extreme Card, 20-inch 4. Pull the tab on the card to remove the card from
  the AirPort card guide. Important:
  http://manuals.info.apple.com/enUS/imacG5_20inchAirPort.pdf
  • _iMac G5 17-inch_ AirPort Extreme Card Replacement Instructions (Do It Yourself Manual)
  iMac G5 AirPort Extreme Card, 17-inch 4. Pull the tab on the card to remove the card from
  the AirPort card guide. Important:
  http://manuals.info.apple.com/enUS/imacG5_17inchAirPort.pdf
  {Since the above are examples, and there were more than two designs, you should
  check the ' how to identify your iMac ' page under the iMac G5 and Intel, to be sure.}
  Good luck & happy computing!
  PS: if your 1.8GHz iMac G5 is a 17" LCD with Ambient Light Sensor, the wireless
  AirPort Extreme is a built-in component: Model # M9843 (1.8 GHz) and in the older
  1.8GHz iMac G5 20" the card is listed as an Optional part, in pre-light sensor model.
  { edited 2x - to add info }

• Can I use BOTH Verizon DSL Wireless AND DISHnet Wireless at the same time?

  Waiting for Dishnet contract to die and rot away but about 2 months to go.  Want to get with Verison Standard DSL Wireless as no data cap tho slower.
  I can just wait till Dishnet dies and keep bumping into data caps with the Dish service OR can I get the DSL setup and use one connex for the iMac and one for the iPad without any conflicts?
  I am so ignorant of technology that I see a Swing-a-Way hand crank can opener as a marvel of industrial magic,....so please talk simple words to me, :-) 
  Thanks
  DH

  Sign up for the fastest DSL package that you can. Even if the overall speed is slower, the fact that you won't be going over a satellite connection anymore should make the Internet *that* much faster. The Wireless Gateway should come included.
  You can use both services at once, although note that determining how you plan to use both at the same time is going to be another story. Some people use Dual WAN routers (as in, routers that accept two Internet connections and can balance between the two). Others will use the connections separately, by moving devices between the two connections as needed.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• Can I have a wireless and ethernet network?

  I want to have a wireless and hardwired/ethernet network in my house. I want to be able to leave one comouter (an eMac that I do most of my work from) connected to the internet via ethernet cable, and then have the Airport Extreme send out the wireless signal (to the laptops, G4PowerBook & MacBook, we also use in the house).
  Right now I use my eMac as to send out the wirelss signal, but that required having the eMac on and connected to the internet to then be able to use the internet on our laptops. I hoped that getting an Airport would elimiate having to have the eMac on all the time.
  I bought an Airport Extreme at an Apple Store (in Toronto) and the told me that all I needed to do was have the internet going in to the Airport fromthe modem, and then have the ethernet cable coming out from the Airport and to my eMac.
  I set it up this way and while the Airport does send out signal to our laptops fine, the eMac does not get any signel from the ethernet cable.
  I can't seem to find any information saying that this set up can actually be done. I find a lot of informetion saying that the ethernet-out port on the airport is for things like printers, and not for internet signal.
  So, despite what I was told in the Apple Store, can this sort of set up be done? If so, what am I doing wrong?
  -Greg

  Greg,
  Yes, you can do what you describe.
  The airport extreme base station has two ethernet ports in the rear.
  One is for the WAN port were you connect your modem and the other one is for the LAN port where you connect your computer (or hub, etc.)
  Plug in your Airport Extreme like mentioned above. You will have to configure it for the Internet and to Distribute IP Addresses if you Internet Modem is NOT a router.
  Then setup your computer via the Ethernet cable and Ethernet connection in your System Preferences > Network > Ethernet ...
  Set your Airport connection or Ethernet connection on your eMac to DHCP....
  Your Airport Extreme should then assign you an IP address, etc., and you should be able to access the Internet at that point.
  Give that a try.

• Can Airport Express extend the private and guest networks simultaneously?

  Can the Airport Express be used to extend the private and guest WiFi networks coming from the base station simultaneously, or can it only be an extension for one of the two at a given time?
  Joe

  Can the Airport Express be used to extend the private and guest WiFi networks coming from the base station simultaneously
  Yes, either by a wireless connection or Ethernet connection to the base station.....assuming that both the base station and extender are using firmware 7.6.3 or higher and AirPort Utility 6.3 is used to configure both AirPorts, which must be dual band models.

• IPv6 Network Flood with Wireless Hyper-V Virtual Network

  Recently, on our core switch (also our layer 3 router) we regularly see a high cpu load. This cpu load is the cause of packet loss and bad connections. This is happening for almost two weeks now.
  Network inspection shows us that there is a flood of IPv6 Neighbor Advertisements originating from what seems the same IPv6 Address but from different Hardware (MAC) addresses. In each second there are up to a 1500 packets per second advertising
  the same IPv6 address. See below for more details about these packets.
  Tracing the MAC addresses to their owner learns that all clients are using Windows 8 with Hyper-V and that they have an External Virtual Network bound to their Wireless/WiFi Network Adapter. Removing this virtual network stops sending
  those packets. Because multiple hosts are involved it may be necessary to remove this network on all of these hosts.
  As is visible in the following packet dump this is an unsolicited neighbor advertisements, resulting in an update in the neighbor table on our IPv6 router. These updates are probably the course of the high cpu load.
    Frame: Number = 188594, Captured Frame Length = 86, MediaType = ETHERNET
  + Ethernet: Etype = IPv6,DestinationAddress:[33-33-00-00-00-01],SourceAddress:[00-24-D7-76-C4-68]
  - Ipv6: Next Protocol = ICMPv6, Payload Length = 32
    + Versions: IPv6, Internet Protocol, DSCP 0
      PayloadLength: 32 (0x20)
      NextProtocol: ICMPv6, 58(0x3a)
      HopLimit: 255 (0xFF)
      SourceAddress: FE80:0:0:0:6F7:E4FF:FE4A:2267
      DestinationAddress:
  FF02:0:0:0:0:0:0:1
  - Icmpv6: Neighbor Advertisement, Target = FD00:4953:4E4C:20:6F7:E4FF:FE4A:2267
      MessageType: Neighbor Advertisement, 136(0x88)
      Code: 0 (0x0)
      Checksum: 3593 (0xE09)
    - NeighborAdvertisementFlag: 536870912 (0x20000000)
       R:   (0...............................) Not router
       S:   (.0..............................) Not solicited
  O:   (..1.............................) Override
       Rsv: (...00000000000000000000000000000)
      TargetAddress:
  FD00:4953:4E4C:20:6F7:E4FF:FE4A:2267
    - TargetLinkLayerAddress:
       Type: Target Link-Layer Address, 2(0x2)
       Length: 1, in unit of 8 octets
       Address:
  00-24-D7-76-C4-68
  Because the target address is the same in all packets but the MAC address changes, it seems that there is something on the hosts that is forwarding/proxying these packets (and only those packets) back to the network it came from, but only
  after changing the targetlinklayeraddress in the advertisement. This process is described in
  RFC4389.
  One host with this problem on the network will not resolve in a flood. Only when more hosts with this issue are active the flood occurs. It seems that two or more hosts are required to magnify the packets send by the others.
  Hyper-V on Windows 8 makes use of a Network Bridge in software to enable the use of wireless network adapters. Is this the cause of all those packets?
  Some of the hosts also had Windows Phone 8 SDK installed. The installation of this SDK enables some networks in Hyper-V. Maybe some configuration change is made enabling the proxying of those packets back to the network they came from?
  After removing the SDK the hosts are still transmitting too much packets.
  The first occurrence of this flood was on the day after Microsoft’s update Tuesday. Is it possible that one of the updates may be the cause of this? There is one mayor update
  KB2770917 which includes updates to DHCPv6 and NDIS library’s. Again, removing this update does not solves the problem.
  Updating our switch/router to a higher level of firmware may lessen the impact, this is something I can try. But it shall not solve the problem, the switch is not the source of the packets.
  Hopefully somebody recognizes this issue. All ideas are welcome.
  Regards,
  Martijn

  Hello today we have a little breakthrough. Our Accesspoints are connected to a Cisco C2960S Switch. We have enabled storm control on the switches. This blocks only the multicast packets that were flooding the wireless and the wired network.
  We determined this using PRTG snmpv2 connection to the Cisco. Whenever the network flooding was occurring the packets per seconds went in the thousands. We now have put the following code on the Gbit interface: (The last line with the storm-control setting
  fixed flooding the network at least partially because the multicast packets cannot leave the Accesspoint to travel to other accesspoints or to wired devices.)
  Hope this helps others as well.
  interface GigabitEthernet1/0/7
   description AP06
   switchport trunk allowed vlan 1-99,101-4094
   switchport mode trunk
   speed 1000
   duplex full
   storm-control multicast level pps 200 50
  end

• Diamond Wireless and Verizon Partnership Extorting Customers

  Hey Community.
  I recently upgraded two phones on my Verizon Wireless account through Diamond Wireless.  After some issues with Verizon Wireless Customer Service, I decided to cancel my contracts with Verizon Wireless.  Well, now Verizon Wireless and Diamond Wireless are both charging Early Termination Fees.  I get that there has to be some sort of fee attached for not keeping the contract and for years we have all been told that this ETF is to cover the difference between full retail of the equipment and what was paid at contract start.  Well the breakdown for me is like this...
  $400 for two new HTC One's (regular retail is $600 each)
  $600 ETF for two cancelled phone lines through Verizon Wireless
  $400 ETF for two cancelled phone lines through Diamond Wireless
  Diamond Wireless is also requesting the equipment back, which would be an additional loss to me of $400 for the two.
  $1800 total in ridiculous fees.
  I have contacted Verizon Wireless who claim that they cant do anything about another company's contract.  I have contacted Diamond Wireless who just changes their story every time regarding the breakdown of the fees.  This whole process is nothing but extortion.  How is it even possible to pay more for two phones than full retail value with the understanding that you have to turn the phones back in, which is no where on either contract.
  At this point I am involving the State's Attorney General, Verizon Wireless and the owner of Diamond Wireless.  What kills me even more is that Diamond Wireless claims that they are Verizon Wireless' Number 1 Authorized Retailer, but none of this bad reputation is even worrying Verizon Wireless at all.
  All I want is to move on and at this point in the game I will be removing all services from Verizon Wireless along with my extended family.  Verizon Wireless is demonstrating through its actions that it doesn't care about its customers as much as it wants us all to believe.  So sad.

  I live in Arizona, went to a Diamond Wireless upgraded 4 phones, thought I was getting a good deal, then she swiped my card and said it didn't work. I gave her another and it did work. I get home and 2 days later both cards are charged. I call back to the store and only my sales clerk can fix it and she is not in. Call next day she is there and tells me to wait a day it will probably come off if not call back. It didn't and i did call back and she was off for two days and no one else at that store can help or no what to do. 2 days later I call back and she said she would contact Verizon's customer service and would call me back. 2 days went by with no return phone call. I had to call my bank and dispute the charges, they reversed them for me, but said if the company complained they would reinstate the charges. Then after all of that the sales clerk said my account would not change at all other than going down a little bit because of the insurance coming of the regular bill. End of month my account is an charged extra $90 for new device being used, even though 1 line was charged $30 twice and 1 line wasn't charged, and the last line was charged $30. When I called Verizon they said that is a service charge no matter where I go, and when I said I was not informed, he told me I would have to contact that store but there is nothing that can be done because it is a set service charge, then I asked why one line was charged twice and one line wasn't charged, he said he had no idea but regardless it didn't matter because I owed $30 for each phone so it still adds up correctly. When I said I would just cancel he said okay. I have been with Verizon for at least 15 years and this is how they treat loyal customers, wow. I hung up called my mom and appologized for the $30 charge that would be on her next bill as she was the 4th phone I updated that day, and being on a fixed income, I offered to pay it since she had no idea there would be any hidden charges. I have paid my bill because I am a person who always pays my bills because I worry about owing or being late, but I do not feel it was fair at all. I wish you luck with your Attorney General and if it happens to be Arizona, here is another one for your case.

• ISE and NAC wireless guest networks

  I have a wireless network that is NAC controlled and use lobby ambassador for guest wireless. What is the best way to migrate to ISE for guest. Are there problems running NAC and ISE on the same controller?
  Sent from Cisco Technical Support iPad App

  Hello,
  For your query regarding ISE and NAC following are my  findings, which might help you in order to solve your query.
  for your first question:-
  ISE is a free software upgrade for customers who have NAC appliance or NAC profiler. This is for both for the base and advance licenses.
  ISE is a 50% software discount for customers who have  NAC guest server. The 50% discount is a migration part for the base license only. The advance features license will not be impacted by this discount.
  for your second question:-
  There should be no issues running NAC and ISE on the same controller until and unless you are using two SSIDs.

• Multiple Airports with private and isolated guest wireless networks available from both

  Hi,
  I've been searching online for some equipment that can do what i want to do without going into the enterprise grade and spending $5000 on Cisco gear.
  Consider two locations approx 80m apart - Primary is a house, and secondary location is a garage. A Cat6 run exists between the two.
  The goal would be to have a wireless primary router in the house for wired and private wireless internet access, with an additional Guest wireless that is isolated from the private network that I can turn on and off if guests are coming over.
  In addition, the second location should also support both wired and wireless connections.
  It seems simple to me, one device in each location. The WAN port on the garage device would connect back to the house device. The two devices should be smart enough to know that one is extending the other. Someone on the guest wireless that is connected via the garage AP would not be able to see the wired devices even though it's traffic is going across the same wire back to the primary router.
  Can I do this without spending a fortune?
  Thanks

  Two Apple AirPorts would do most....but not all...of what you want.
  A few notes.....
  In order for the guest network feature to work correctly on an AirPort router, the "main" AirPort in the house must connect to a simple modem......not a modem/router or gateway device.  That is a deal killer for some users right there.
  When the guest network is activated in the garage, it must be activated for both AirPorts....house and garage.
  You could actiivate the guest network for the house and leave the guest network off in the garage if you wanted, no problem there.....but.....you could not activate the guest network in the garage without also activating it in the house first.
  "Guests" can only connect to the guest network using wireless. Up to you to decide if you want to leave the guest network open or use a password that would need to be used to connect to the network.
  But.....If "guests" had physical access to the AirPort in the garage....and they connected to one of the Ethernet ports on the AirPort in the garage, they would be connecting to your main or private network.
  So, if something like this was a concern, you would have to either hide the AirPort in the garage and trust that users would not find it....or....find some way to limit access to the back panel of the AirPort so that users could not connect to it using an Ethernet cable.
  If the features and installation limitations are acceptable, you could spend as little as $100 for each AirPort Express.
  If you wanted better performance from the AirPort in the house, you could use an AirPort Extreme there...about $200 and an AirPort Express in the garage.
  The deluxe option would be to use two AirPort Extremes.
  Finally, you would want to make sure that you understood the store's return policy before you buy.....in case something unexpected crops up, as can sometimes be the case.

• Guest wireless with WLC 2504, Catalyst 4510R+E and ASA 5510

  I need to add guest (internet only) wireless to our existing internal wireless and am looking for advice as to the best practice configuration. Existing infrastructure as follows:
  WLC 2504
  1142 LAPs
  4510R+E
  ASA 5510
  Existing configuration as follows:
  WLC management interface and APs addressed on the 192.168.126.0 /25 network
  Internal WLAN mapped to the management interface
  Management interface VLAN ID 0 (untagged) and dynamic AP management enabled
  WLC port 1 (only) connected to 4510 via trunk with native VLAN set to 7 and allowed VLAN set to 7
  4510 connected to ASA inside interface (security level 100)
  Switchport on 4510 connected to ASA configured as switchport access VLAN 99 (our internet VLAN)
  ASA inside interface NOT configured for subinterfaces and is addressed on the 192.168.121.0 /25 network
  What is the best way to add guest wireless to our existing configuration?
  Note: I need the guest wireless to be filtered by Websense as our internal wireless is
  Any advice would be greatly appreciated!

  Thank for the reply Scott. The configuration recommendations from Yahya did not work. I set up as he recommended and also added a dhcp scope on the wlc. Client gets dhcp but cannot even ping the wlc much less anything else. Yahya stated above to configure port 2 on the wlc to an access port on my 4510. Aren't all connections from the wlc supposed to be trunk links to the switch? Shouldn't I just leave the management interface on the wlc untagged and add a dynamic interface for each wlan and tag it with the approriate vlan id? And then leave the (one) physical connection on the wlc (port 1) connected to a trunk link on the 4510 that allows the required vlans?
  Any input would be greatly appreciated...
  JW