Limiting bandwidth for Guest WLAN in AP1300

Hi All,
Can I limit bandwith for guest in a wlan network with out Wlan controller? and of course, how can I do it?
thanks in advance
P.S.: I heard something about bronze profile in a wlan controller envoiroment, I need something like that but in an independent AP.

Sorry for my delay but I was outt of the office.
Could you show me how to do that?
thanks in advance

Similar Messages

  • How to limit bandwidth for guest per connection/user on 2504 WLC?

    We have 2504 Controller with 24 AP's registered in a hotel and we would like to limit bandwidth per connection or per user.
    I went to QOS Profiles > Bronze >
    I do not see Per user Bandwidth Contracts(K)* instead I see WLAN QOS Parameters with below options.

    Hello
    Our WLC model 5508, but there is confusion on difference between Override Per-User Bandwidth Contracts (kbps) vs Override Per-SSID Bandwidth Contracts (kbps)
    Our requirement-
    On Guest SSID  - Each user / session should not exceed bandwidth more than 758kbps upstream/downstream
    Only Guest users cannot login to multiple device with single userID - applicable only to Guest SSID other SSID should not get impacted.
    hope to get some response
    cheers
    ST

  • HOW TO CONFIGURE GUEST NETWORK AND LIMITE BANDWIDTH

    Dear all,
    Please help me how to configure internet access rule and limited the bandwidth for guest network via TMG Forefront 2010.
    Thanks you & best regards,
    Hung Viet 

    Hi,
    First you can create the new network set which is mapped to guest subnet, after that you can create access rule for this network set.
    If you want to control bandwidth, you may need 3-party tool like this:http://www.bsplitter.com/
    Best Regards
    Quan Gu

  • Controllers in the same WISM module in the 6500, i'm trying to make one of them anchor controller for guest internet

    I have 2 controller in the same WISM module and I'm trying to make one of them Anchor controller for guest WLAN, but when I give put the anchor controller in a separated non-routed VLAN and connect it to an outside switch by creating VLAN 192 on the core. ( the Internet router is connected to the same switch).-it is showing path down... ( VLAN 192 visitor Internet and VLAN 224 my internal controller management VLAN are not talking)
    there is no routing between these 2 VLAN ( because of security), but i can't get the controller to communicate.
    -if I connect my laptop to this switch I'm able to go out on Internet but my visitor WLAN is not able to get IP address from the router connected to this switch.
    - I called Cisco and one the guys told me that i can leave the management in VLAN 224 for the controller to communicate ( which they did), but the issue I'm having right now is that my visitors are not getting IP addresses from this VLAN at all
    some one please advise
      vlan192   4/1 vlan 192              int g0/0 192.168.2.201
      6500 ----- switch ---- router---------  (outside)
        |         |   |
        |        DHCP server
       WLC

    A couple of questions, is VLAN 192 allowed across the trunk link to the wlc?  Do you have an interface tagged for vlan 192, with a valid address?  What is providing the DHCP?
    Cheers,
    Steve
    If  this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

  • Guest WLAN and DNS tunneling (IP over DNS with iodine, NSTX, etc)

    Hello,
    I'm trying to implement guest WLAN with web authentication on the WLC 2504. L3 for guests WLAN is terminated on ASA 5510 (as subinterface).
    All works pretty fine. Guests clients are prompted to enter login/password, guests are authenticated against ACS and so on.
    But I have a strange idea. How can I prevent unauthorised DNS tunneling from the guest network?
    I think that DNS tunneling can be prevented with dns-guard on ASA and dns inspections, e.g. drop dns packets larger then 512 bytes and perform deep inspection againd packets.
    Any ideas or advices?

    Hello,
    I'm trying to implement guest WLAN with web authentication on the WLC 2504. L3 for guests WLAN is terminated on ASA 5510 (as subinterface).
    All works pretty fine. Guests clients are prompted to enter login/password, guests are authenticated against ACS and so on.
    But I have a strange idea. How can I prevent unauthorised DNS tunneling from the guest network?
    I think that DNS tunneling can be prevented with dns-guard on ASA and dns inspections, e.g. drop dns packets larger then 512 bytes and perform deep inspection againd packets.
    Any ideas or advices?

  • Getting really frustrated! I bought Photoshop 7, upgaded to CS2 then upgraded to CS3, now I have had computer problems and looks like both are now gone, they were not de-installed. I have limited bandwidth (I live int he country) and need a new box versio

    I bought Photoshop 7, upgraded to CS2 then upgraded to CS3.  I live in the country and have limited bandwidth for my internet, therefore, the cloud will not work and I must have a box version. In Jan Best Buy did work on my laptop and did not de-install CS3, now my desktop has died and believe CS3 on it is also gone. I have the serial numbers and can not find how to contact Adobe.
    I only use it for photography and do not want CS6, so I need help, can anyone help me. Thanks a million.

    Why on Earth are you getting frustrated?  ?? !!  
    You don't even need to "contact Adobe", unless you need to activate that old deleted version.  You are entitled to two activations.
    Just download the CS3 trial version and input your serial numbers (the installer might prompt you for the previous serial number since your CS3 probably has an update s/n).
    Download CS3 products  <=== click on link
    Anytime you want to look for something on the Adobe site, just do a Google search and add "site:adobe.com" (without the quotes) at the end of the string of keywords, for instance, this what to type in Google to find the CS3 downloads:
    download Photoshop cs3 site:adobe.com
    Just change "CS3" for whatever version you want.
    Using the Adobe web site search function is futile.
    Now, if you had two activations already, just call customer service and they will deactivate one or both for you—after quickly verifying your registration..  No big deal.
    Click on the link below, and after that click on "Still need Help? Contact us."
    Then on the next page, click Chat
    There is also a phone option.
    http://helpx.adobe.com/contact.html?step=PHXS_downloading-installing-setting-up_licensing- activation

  • Guest wlan

    Almost there.
    Scenario:
    2504 wlc
    Aps 1140
    Port 1 lan radius all ok
    Port 2 defined for guest wlan directed attach no isp router dhcp
    1 utp cable on router acquire ip address
    On guest wlan no ip address is given i think i tried every combinations
    Any help?
    Sent from Cisco Technical Support iPhone App

    Scott Fella wrote:How is the controller setup. You using LAG or not? (NO, it supports???) How many ports on the wlc is connected to the switch? (ONE)  What is the ip of your dhcp server? (My lan dhcp - 192.168.2.a)
    Post the show WLAN for each of your WLAN's you have created.WLAN Identifier.................................. 3
    Profile Name..................................... Guest WLan
    Network Name (SSID).............................. WYguest
    Status........................................... Disabled
    MAC Filtering.................................... Disabled
    Broadcast SSID................................... Disabled
    AAA Policy Override.............................. Disabled
    Network Admission Control
      Radius-NAC State............................... Disabled
      SNMP-NAC State................................. Disabled
      Quarantine VLAN................................ 0
    Maximum number of Associated Clients............. 0
    Number of Active Clients......................... 0
    Exclusionlist Timeout............................ 60 seconds
    Session Timeout.................................. 1800 seconds
    CHD per WLAN..................................... Enabled
    Webauth DHCP exclusion........................... Disabled
    Interface........................................ management
    Multicast Interface.............................. Not Configured
    --More-- or (q)uit
    WLAN ACL......................................... unconfigured
    DHCP Server...................................... Default
    DHCP Address Assignment Required................. Disabled
    Static IP client tunneling....................... Disabled
    Quality of Service............................... Silver (best effort)
    Scan Defer Priority.............................. 4,5,6
    Scan Defer Time.................................. 100 milliseconds
    WMM.............................................. Allowed
    WMM UAPSD Compliant Client Support............... Disabled
    Media Stream Multicast-direct.................... Disabled
    CCX - AironetIe Support.......................... Disabled
    CCX - Gratuitous ProbeResponse (GPR)............. Disabled
    CCX - Diagnostics Channel Capability............. Disabled
    Dot11-Phone Mode (7920).......................... Disabled
    Wired Protocol................................... None
    IPv6 Support..................................... Disabled
    Passive Client Feature........................... Disabled
    Peer-to-Peer Blocking Action..................... Disabled
    Radio Policy..................................... All
    DTIM period for 802.11a radio.................... 1
    DTIM period for 802.11b radio.................... 1
    Radius Servers
       Authentication................................ Disabled
    --More-- or (q)uit
       Accounting.................................... Disabled
       Dynamic Interface............................. Disabled
    Local EAP Authentication......................... Disabled
    Security
       802.11 Authentication:........................ Open System
       Static WEP Keys............................... Disabled
       802.1X........................................ Disabled
       Wi-Fi Protected Access (WPA/WPA2)............. Enabled
          WPA (SSN IE)............................... Disabled
          WPA2 (RSN IE).............................. Enabled
             TKIP Cipher............................. Disabled
             AES Cipher.............................. Enabled
                                                                   Auth Key Management
             802.1x.................................. Disabled
             PSK..................................... Enabled
             CCKM.................................... Disabled
             FT(802.11r)............................. Disabled
             FT-PSK(802.11r)......................... Disabled
    FT Reassociation Timeout......................... 20
    FT Over-The-Air mode............................. Enabled
    FT Over-The-Ds mode.............................. Enabled
    CCKM tsf Tolerance............................... 1000
    --More-- or (q)uit
       CKIP ......................................... Disabled
       Web Based Authentication...................... Disabled
       Web-Passthrough............................... Disabled
       Conditional Web Redirect...................... Disabled
       Splash-Page Web Redirect...................... Disabled
       Auto Anchor................................... Disabled
       H-REAP Local Switching........................ Disabled
       H-REAP Local Authentication................... Disabled
       H-REAP Learn IP Address....................... Enabled
       Client MFP.................................... Optional
       Tkip MIC Countermeasure Hold-down Timer....... 60
    Call Snooping.................................... Disabled
    Roamed Call Re-Anchor Policy..................... Disabled
    SIP CAC Fail Send-486-Busy Policy................ Enabled
    SIP CAC Fail Send Dis-Association Policy......... Disabled
    Band Select...................................... Disabled
    Load Balancing................................... Disabled
    Mobility Anchor List
    WLAN ID     IP Address            Status
    Sent from Cisco Technical Support iPhone App

  • RADIUS Bandwidth limit on guest WLAN

    Hi Everyone,
    I'm running a WLAN scenario which includes a WLC 5508 (7.0) and a bunch of CAPWAP access points. I just deployed a guest SSID that implements a RADIUS server (freeRadius) for authentication and accounting the guest users and everything works fine. However I need to limit the bandwidth on a per-user basis having different BW allocated on the users.
    In other words:
    SSID: "Guest-SSID" with web authentication
    Users (download/upload bandwidth limit in kbps): user1 (512/512), user2 (1024/1024), user3 (512/2048)
    When user1 connects, he will be able to download/upload at a 512 Kbps data rate, same as user2 with a d/u 1024 Kbps data rate. And user3 will be able to download at 512 Kbps and upload at 2048 Kbps. The 3 users will be connected on the same SSID: "Guest-SSID".
    I've been searching and found that the WLC honors some Airespace attributes that may do the magic, however they are not documented anywhere else but the WLC Configuration Guide. I have modified the freeradius Airespace dictionary but when authenticating, when the RADIUS sends the accept message incluiding the attributes, the WLC shows attribute is considered as unknown, even though the conf. guide shows they must be supported.
    I guess it may be caused by a wrong attribute name. Is there something else missing?
    This is the WLC AAA debug detail:
    (Cisco Controller) >*aaaQueueReader: Mar 19 18:35:08.705: AuthenticationRequest: 0x30b56248
    *aaaQueueReader: Mar 19 18:35:08.705:   Callback.....................................0x10770a64
    *aaaQueueReader: Mar 19 18:35:08.706:   protocolType.................................0x00000001
    *aaaQueueReader: Mar 19 18:35:08.706:   proxyState...................................F4:09:D8:20:11:2F-00:00
    *aaaQueueReader: Mar 19 18:35:08.706:   Packet contains 11 AVPs (not shown)
    *radiusTransportThread: Mar 19 18:35:08.708: AuthorizationResponse: 0x13e25bb0
    *radiusTransportThread: Mar 19 18:35:08.708:    structureSize................................216
    *radiusTransportThread: Mar 19 18:35:08.708:    resultCode...................................0
    *radiusTransportThread: Mar 19 18:35:08.708:    protocolUsed.................................0x00000001
    *radiusTransportThread: Mar 19 18:35:08.708:    proxyState...................................F4:09:D8:20:11:2F-00:00
    *radiusTransportThread: Mar 19 18:35:08.708:    Packet contains 9 AVPs:
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[01] Unknown Airespace / Attribute 7..........0x00000100 (256) (4 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[02] Unknown Airespace / Attribute 8..........0x00000100 (256) (4 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[03] Unknown Airespace / Attribute 9..........0x00000180 (384) (4 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[04] Unknown Airespace / Attribute 10.........0x00000180 (384) (4 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[05] Unknown Airespace / Attribute 11.........GRN-Test (8 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[06] Unknown Airespace / Attribute 13.........0x00000100 (256) (4 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[07] Unknown Airespace / Attribute 14.........0x00000100 (256) (4 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[08] Unknown Airespace / Attribute 15.........0x00000180 (384) (4 bytes)
    *radiusTransportThread: Mar 19 18:35:08.708:        AVP[09] Unknown Airespace / Attribute 16.........0x00000180 (384) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718: AccountingMessage Accounting Start: 0x30b56248
    *aaaQueueReader: Mar 19 18:35:08.718:   Packet contains 14 AVPs:
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[01] User-Name................................0x6173 (24947) (2 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[02] Nas-Port.................................0x0000001d (29) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[03] Nas-Ip-Address...........................0xc0a89605 (-1062693371) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[04] Framed-IP-Address........................0xc0a8967b (-1062693253) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[05] NAS-Identifier...........................WLC-CCIE (8 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[06] Airespace / WLAN-Identifier..............0x00000006 (6) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[07] Acct-Session-Id..........................550b5d2c/f4:09:d8:20:11:2f/2 (28 bytes)
    *aaaQueueReader: Mar 19 18:35:08.718:       AVP[08] Acct-Authentic...........................0x00000001 (1) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.719:       AVP[09] Tunnel-Type..............................0x0000000d (13) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.719:       AVP[10] Tunnel-Medium-Type.......................0x00000006 (6) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.719:       AVP[11] Tunnel-Group-Id..........................150 (3 bytes)
    *aaaQueueReader: Mar 19 18:35:08.719:       AVP[12] Acct-Status-Type.........................0x00000001 (1) (4 bytes)
    *aaaQueueReader: Mar 19 18:35:08.719:       AVP[13] Calling-Station-Id.......................192.168.150.123 (15 bytes)
    *aaaQueueReader: Mar 19 18:35:08.719:       AVP[14] Called-Station-Id........................192.168.150.5 (13 bytes)
    My Airespace dictionary:
    VENDOR          Airespace                       14179
    BEGIN-VENDOR    Airespace
    ATTRIBUTE       Airespace-Wlan-Id                       1       integer
    ATTRIBUTE       Airespace-QOS-Level                     2       integer
    ATTRIBUTE       Airespace-DSCP                          3       integer
    ATTRIBUTE       Airespace-8021p-Tag                     4       integer
    ATTRIBUTE       Airespace-Interface-Name                5       string
    ATTRIBUTE       Airespace-ACL-Name                      6       string
    ATTRIBUTE       Airespace-Data-Bandwidth-Average-Contract               7       integer
    ATTRIBUTE       Airespace-Real-Time-Bandwidth-Average-Contract          8       integer
    ATTRIBUTE       Airespace-Data-Bandwidth-Burst-Contract                 9       integer
    ATTRIBUTE       Airespace-Real-Time-Bandwidth-Burst-Contract            10      integer
    ATTRIBUTE       Airespace-Guest-Role-Name                               11      string
    ATTRIBUTE       Airespaces-Data-Bandwidth-Average-Contract-Upstream     13      integer
    ATTRIBUTE       Airespace-Real-Time-Bandwidth-Average-Contract-Upstream 14      integer
    ATTRIBUTE       Airespace-Data-Bandwidth-Burst-Contract-Upstream        15      integer
    ATTRIBUTE       Airespace-Real-Time-Bandwidth-Burst-Contract-Upstream   16      integer
    VALUE   Airespace-QOS-Level             Bronze                  3
    VALUE   Airespace-QOS-Level             Silver                  0
    VALUE   Airespace-QOS-Level             Gold                    1
    VALUE   Airespace-QOS-Level             Platinum                2
    END-VENDOR Airespace
    This is the configuration guide I'm using:
    http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_security_sol.html#pgfId-1457964
    Table 6-5.
    Any help will be really apreciated!
    Regards!
    Jonathan S.

    If you choose to create an entry on the RADIUS server for a guest user and enable RADIUS authentication for the WLAN on which web authentication is performed rather than adding a guest user to the local user database from the controller, you need to assign the QoS role on the RADIUS server itself. To do so, a “guest-role” Airespace attribute needs to be added on the RADIUS server with a datatype of “string” and a return value of “11.” This attribute is sent to the controller when authentication occurs. If a role with the name returned from the RADIUS server is found configured on the controller, the bandwidth associated to that role is enforced for the guest user after authentication completes successfully.

  • Guest WLAN need to re-authenticate for each new tab

    Hi,
    We installed recently a new WLC 2504 with 22 AP's.
    We use web authentication for the guest WLAN.
    The porblem is : users can login and authenticate but whenever the open a new webbrowser tab they need to re-authenticate again.
    And this for each new tab they open.
    Anybody knows how to solve this?

    No, the user shouldn't have to reauthenticate for every tab they open, once the clients entry is built in the MSCB they should stay in a RUN state until either the reauth timer or the user idle timer expire.
    First I'd upgrade to 7.0.220.0 and see if that resolves the issue.  If it doens't get a TAC case open.
    Steve

  • Throttling Guest WLAN on WLC 8500

    What is the best practise to throttle the Guest WLAN, which is only used for Internet access?

    I agree with Steve.  The situation is really going to depend on your bandwidth and just how important you feel your guest traffic is.   You also have to run a higher version of code at least 7.4 to get more granular with limiting.
    But here's something to consider.  My deployments are pretty much a controller per facility.  I tend to bandwidth limit by (guest) SSID and just provide a 10mbps DOWN and 5mbps UP.  Of course depends on the size of the facility and the number of guests.  That said my guests users are typically email and browsers but there are more and more video streamers coming online but for now I use 10M and 5m and run about 300 connections with no problems.
    ***I don't like to modify the Qos profile and limit because that requires that you shut down the radios.  I like to modify the override section on the WLAN / Qos settings. 
    Good luck.

  • Using ISE for guest access together with anchor controller WLC in DMZ

    Hi there,
    I setup a guest WLAN in our LAB environment. I have one internal WLC connection to an anchor controller in our DMZ. I'm using the WLC integrated web-auth portal which works fine.
    To gain more flexibility regarding guest account provisioning and reporting my idea is to use Cisco Identity Services Engine (ISE) for web-authentication. So the anchor controller in the DMZ would redirect the guest clients to the ISE portal.
    As the ISE is located on the internal network while the guest clients end up in the DMZ network this would mean that I have to open the web-auth portal port of ISE for all guest client IPs in order to be able to authenticate.
    Does anyone know of a better solution for this ? Where to place the ISE for this scenario, etc ?
    Thx
    Frank

    So i ran into a similar scenario on a recent deployment:
    We had the following:
    WLC-A on private network (Inside)
    ISE Servers ISE01 and ISE02 (Inside)
    WLC-B Anchor in DMZ for Guest traffic (DMZ)
    ISE Server 3 (DMZ)
    ISE01 and ISE02 are used for 802.1X for the private network WLAN.
    Customer does not allow guest traffic to move from a less secure network to a more secure network (Compliance reasons).
    The foreign controller (WLC-A) must handle all L2 authentication and it must use the same policy node that the clients will hit for web auth.  Since we want to do CWA, we use Mac Filtering with ISE as the radius server.  If you send this traffic RADIUS authentication for Mac Filtering to ISE01/ISE02, it will use https://ise01.mydomain.com/... to redirect the client to.  Since we don't allow traffic to traverse from the DMZ with the anchor in it back inside to the network where ISE01 and ISE02 are, client redirection fails.  (This was a limitation of ISE 1.1.  Not sure if this persists in 1.2 or not.
    So what now?  In our deployment we decided to use a 3rd ISE policy node (ISE03 in the DMZ) for guest authentiction from the Foreign controller so that the client will use a DNS of https://ise03.mydomain.com/... to redirect the client to.  Once the session is authenticated, ISE03 will send a CoA back to the foreign which will remove the redirect for the session.  Note, you do have to allow ISE03 to send a CoA.
    In summary, if you can't allow guest traffic to head back inside the network to hit the CWA portal, you must add a policy node in a DMZ to use for the CWA portal so they have a resolvable and reachable policy node.

  • Local Authentication for Guest accounts created on WCS

    I'm not sure this is technically possible but I have a requirement to set up an SSID on a WLC whereby I can provision guest user accounts from the WCS and have the WLC / SSID authenticate against the guest account created on the WCS. The SSID would not be a web-auth / layer 3 auth model but preferably be able to utilise layer 2 authentication (802.1x) against the account within WCS. Can anyone tell me if this is actually possible?
    Thanks in advance for your help.
    Cheers
    Sent from Cisco Technical Support iPad App

    Ok then .. Sounds like you are already very fimilar with the wlc..
    Lets kick a few ideas around ..
    If you want to use WCS lobby then you cant use radius, becuase WCS will not update radius accounts. But you could use the WLC as a radius server and store the guest account(s) on the WLC. Gives you 802.1X security, WCS loddy admin access and your guest accounts. You can also expire the accounts as well. So you would move the control from radius to the wlc. You can also apply your qos / bandwidth.
    Another option would be to create radius accounts. Set up your guest wlan, point it to radius. You can still apply a global bandwith restriction within the qos profile on the wlc.
    "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
    ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

  • Guest Wlan multiple login with Cisco Identity Services Engine

    Dear all,
    I have been looking for some details with regards to multiple logins on Guest WLAN.
    Currently my customer is facing the following problem
    When a Guest Wlan user logs in, the same user could login again on the same time frame,
    in other words guest Wlan user can login multiple times.
    is this intentional or a bug on the ISE
    product name : L-ISE-BSE-250=
    any advice or any article related to this would really appreciate it
    thanks in advance
    Lnacellot

    Ok, Ranjane you took me back to 1900BC, had to dig the case up for you.
    to be clear this is what customer wants
    a guest user concurrently login from two devices at the same time
    What  he wants is: any given time Guest user should be only able to login  once (Ex if you login to your PC and leave it logged on, then go to a  another PC with same user you would be able to login – this need to be  limited)
    So under the User login Policy this should be able to limit to one login
    you may want to check  the concurrent session limit on the WLC: It is under  Security > AAA > User Login Policies. There is a global number,  that will limit the concurrent logins from a single user name.
    hope it was useful
    regards,
    lancellot

  • How do to set up time limits on a guest network

    I have a new generation Airport Time Capsule and I have set up a Guest Network for my kids but I would like to set up time limits on the Guest Network also, is there a way to do it?

    It is not possible to set up specific time limits for the Guest Network as a whole, but it is possible to set up individual time limits for each device that will be connecting to the Guest Network.....and, also the main network for that matter.
    If you can provide us with some more specifics on what you are trying to accomplish, how many devices will be involved, etc.......that will help us craft our answer to provide accurate information.
    Meanwhile, if you want to take a look at the general settings in Timed Access....
    Open Macintosh HD > Applications > Utilities > AirPort Utility
    Click on the Time Capsule icon, then click Edit
    Click the Network tab at the top of the screen
    Enter a check mark in the box next to Enable Timed Access
    Click on the Timed Access button
    Click Cancel to avoid making any changes to your current setup

  • Client unable to get IP address on guest wlan

    Hi all,  I recently setup a 2504 WLC that has two primary WLANs (internal and guest) which get their IP addresses from a central DHCP server using the local router's broadcast forwarding.  Things seem to be working well for the internal wlan, but clients on the guest wlan don't seem to be getting IP addresses.  If I give the client a static IP they are able to communicate across the wlan okay.
    It is worth noting that I am using LAG between the controller and router and this guest wlan is really just a regular wlan (with PSK) that has an access-list applied to force it to the internet only.  The access-list should be allowing dhcp requests through, but in any case, I removed the access-list and it made no difference.
    Here is a debug client for a machine connected to the guest vlan (vlan 33).  The internal wlan is on the 10.10.10.0/24 network (same as wired and same that the AP's are connected to) and the guest wlan is 10.33.0.0/16.     I don't understand why I am seeing the dhcp request come from the internal vlan/wlan first and it gets an IP address on this network.  I then see a request on the guest wlan/vlan at which point it appears to get a valid IP address on the guest network (10.33.0.0), but the client never sees this.  
    Thoughts? 
    Thanks,
    Bryan
    (Cisco Controller) >debug client 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREQUEST (1) (len 308,vlan 1, port 13, encap 0xec03)
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
    *DHCP Socket Task: Feb 25 00:49:32.991: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to DS
    *DHCP Socket Task: Feb 25 00:49:32.992: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 331,vlan 1, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP processing DHCP OFFER (2)
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.10.10.165
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 10.10.10.246,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:32.993: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 33, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP processing DHCP OFFER (2)
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 0
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:32.994: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 10.33.1.1
    *DHCP Socket Task: Feb 25 00:49:32.995: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 10.10.10.246,  giaddr: 10.33.0.1
    *DHCP Socket Task: Feb 25 00:49:32.995: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:32.995: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREQUEST (1) (len 308,vlan 1, port 13, encap 0xec03)
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP processing DHCP REQUEST (3)
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 1, flags: 0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   requested ip: 10.10.10.165
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:33.997: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to DS
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 1, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP processing DHCP NAK (6)
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 8000
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:33.998: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP received op BOOTREPLY (2) (len 308,vlan 33, port 13, encap 0xec00)
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP processing DHCP NAK (6)
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   op: BOOTREPLY, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   xid: 0xbcf5ea3c (3170232892), secs: 0, flags: 8000
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   chaddr: 8c:2d:aa:36:ca:a3
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   siaddr: 0.0.0.0,  giaddr: 10.33.0.1
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP   server id: 10.10.10.246  rcvd server id: 10.10.10.246
    *DHCP Socket Task: Feb 25 00:49:34.000: 8c:2d:aa:36:ca:a3 DHCP successfully bridged packet to STA
    *apfMsConnTask_1: Feb 25 00:49:35.320: Stats update: Non Zero value

    One way to test also is to connect a laptop to a port assigned for the guest vlan. If the device gets an IP, then it's something on the WLC you have to configure. If the device doesn't, then it's a network issue or dhcp server issue.
    Sent from Cisco Technical Support iPhone App

Maybe you are looking for

  • How to repair the Application Manager?

    I installed the TCS 4, but the Adobe Application Manager refuses to start and prompts me to reinstall because it "is damaged". But even after installing the latest version available, the problem persists. What can I do? (Win7, VM) Any help appreciate

  • How do I upload a scanned picture to facebook?

    How do I upload a scanned picture to facebook?

  • Getting Unicode Programs Error

    I have declared global field as  in one program  as %count-mapl , i m copying the program to other server. It gives syntax error as "in unicode prgms character - cannot appear in names, as it does  here in name %count-mapl" What does this means? Plea

  • Making changes in background color of COLUMNS

    Hi, Does anyone know how we can make changes to the background color of the columns (it's navy blue by default), also how to change the colur and font of the alphabets in it. Thanks in advance,

  • Why can't i get the ipad to respond to touch

    I can open a program OK but can't seem to be able to close. what am i doing wrong?