Wired Guest in 5.x 4402 - Does it Work???
Anyone get Wired Guest access working using the latest code 5.148 (or any code for that matter). In particular has anyone been sucessful using 1 WLC with ingress and egress on same controller. I have been trying for a week and does not work no matter what.
Thanks for all responses....
Armonk-
See next post with attached .doc
This post was trimmed.
4402 config
-Ingress int
Create a new interface <. myguests-ingress> assign it a VLAN ID <44>
Check the box that says Guest LAN
This interface has no IP, it is Layer2 only!
If there is an IP associated with this VLAN (anywhere), create another VLAN.
-Egress int (if you are already using one for wireless guest access, you can skip this step and reuse that one, I did!) It will not be called âEgressâ on the wireless, just interface. If you don't have one already, you need to create it
Create a new interface , assign it a different VLAN <55> than your ingress interface
Assign IP, netmask, and gateway info < 192.168.100.10, 255.255.255.0, 192.168.100.1 > (see Router section below)
I used addresses that were NOT on my business network, so guest IPs are easily distinguished from employees
Also since this traffic is within a VLAN, I need to route this traffic at some point to access my gateway
If you want to give guests DHCP addresses, assign a Primary DHCP Server to this interface (see DHCP section below)
Since I was using the WLC for DHCP, I put the IP of my management interface (or another of your choice)
-Internal DHCP (if you are using your WLC for DHCP this needs to be configured)
Start <192.168.100.100 > (same subnet as "egress")
End <192.168.100.200>
Network <192.168.100.0>
Mask <255.255.255.0>
Lease <86400>
Default router <192.168.100.1> (same as your gateway above)
This is really just an IP to route between VLANs, it may not exist yet
Don't worry if this is on another subnet as your real gateway (it should be), this is just a gateway IP for this subnet
You can route between VLANs (that's what I did) on your router
DNS server <10.10.10.50> (this a local DNS, but you could use anything I guess, even your ISPs DNS server)
Status = Enabled
-WLAN
Create a new WLAN, select Guest LAN as the type
Ingress is a L2 VLAN
Egress is a L3 VLAN or previously configured VLAN
Security Tab, select Web Auth/Pass
Advanced Tab, specify your DHCP
Check override (required for external DHCP)
Was not able to check DHCP Addr. Assignment = Required (bug?)
General Tab, check status = Enabled
Ignore the error; this is a bug!
Core Switch configuration (these commands are in CatOS)
Since wired guest access uses the same interface (in my config,) I did not have to do this step as it was done previously.
You need to configure your core switch to allow VLAN traffic from your WLC interfaces
VTP and VTP domain were previously configured; you may need to do this if you have never done VLANs on this switch
# set vlan 44 name MYGUESTS-INBOUND - - - IOS will be different
# set vlan 55 name MYGUESTS-OUTBOUND - - - IOS will be different
If you already have a vlan for wireless guests this step is already done
Setup trunking on the port coming from the WLC to your switch (I chose mod/port =3/5, yours will be different)
# set trunk 3/5 on dot1q - - - IOS will be different
This allows VLANs to traverse from the WLC to the switch, (you could specify which VLANs only)
I have created VLAN ACLs that restrict the access of guests, but that can be done after this is up and working
Now this next step was required for my environment, but I am not sure that all setups can be done like this. I have another DHCP server on my network, so I wanted to make sure that there was not a conflict. To do this I specified a port on my core switch to accept VLAN traffic for my ingress interface
Configure a port on my core switch to accept wired guest traffic (I chose mod/port =3/6, yours will be different)
# set vlan 44 3/6 - - - IOS will be different
It's possible you may also need to allow your egress VLAN depending on your setup
Dumb switch
Plug switch into the port specified
Similar Messages
-
Wired guest access - Unable to access network
Hello,
I've configured two WLC's with the exact same config one of them has working Wired guest network the other one does not.
The only difference in the two I know of is that the one that does not work is connected to a Cisco 3550 switch, the one that works is connected to a Cisco 7600.
The problem is when I connect a computer to the wired guest network I am able to get an IP address from the Internal DHCP server but unable to access the network.
I've tried pinging the gateway's IP and I get no answer.
The Port-channel interface has the correct VLans and the vlans exist on all switches.
If anyone see an error there or might have an idea why this is not working I would appreciate the feedback.
Config follows below..
regards,
Gk(Cisco Controller) >show running-config
802.11a cac voice tspec-inactivity-timeout ignore
802.11a cac voice stream-size 84000 max-streams 2
802.11b cac voice tspec-inactivity-timeout ignore
802.11b cac voice stream-size 84000 max-streams 2
location rssi-half-life tags 0
location rssi-half-life client 0
location rssi-half-life rogue-aps 0
location expiry tags 5
location expiry client 5
location expiry calibrating-client 5
location expiry rogue-aps 5
Cisco Public Safety is not allowed to set in thisdomain
ap syslog host global 255.255.255.255
auth-list ap-policy ssc enable
custom-web ext-webserver add 1 217.28.176.114
dhcp create-scope guestnetwork
dhcp address-pool guestnetwork 192.168.34.2 192.168.34.200
dhcp default-router guestnetwork 192.168.34.254
dhcp enable guestnetwork
dhcp dns-servers guestnetwork 212.30.200.200 212.30.200.199
dhcp network guestnetwork 192.168.34.0 255.255.255.0
local-auth method fast server-key *****
interface create guestnetwork 331
interface create guestnetwork-wired 332
interface address ap-manager 10.255.255.90 255.255.255.248 10.255.255.94
interface address dynamic-interface guestnetwork 192.168.34.1 255.255.255.0 192.168.34.254
interface address dynamic-interface guestnetwork-wired 192.168.35.1 255.255.255.0 192.168.35.254
interface address management 10.255.255.89 255.255.255.248 10.255.255.94
interface address service-port 10.60.4.200 255.255.255.0
interface address virtual 1.1.1.1
interface dhcp ap-manager primary 10.255.255.89
interface dhcp dynamic-interface guestnetwork primary 10.255.255.89
interface dhcp management primary 10.255.255.89
interface dhcp service-port disable
interface vlan ap-manager 226
interface vlan guestnetwork 331
interface vlan guestnetwork-wired 332
interface vlan management 226
interface port ap-manager 29
interface port guestnetwork 29
interface port guestnetwork-wired 29
interface port management 29
lag enable
load-balancing window 5
mesh security eap
mgmtuser add root **** read-write
mobility group domain XXXXXXX
mobility symmetric-tunneling enable
network otap-mode disable
network rf-network-name XXXXXXX
radius acct add 1 XXXXXXX 1813 ascii ****
radius auth add 1 XXXXXXX 1812 ascii ****
radius auth management 1 disable
spanningtree port mode off 1
spanningtree port mode off 2
sysname XXXXXXX
time ntp interval 3600
time ntp server 1 XXXXXXX
wlan create 1 hotspot hotspot
guest-lan create 1 hotspot-wired
wlan interface 1 guestnetwork
guest-lan interface 1 guestnetwork
wlan custom-web webauth-type external 1
wlan custom-web ext-webauth-url https://XXXXXXX
wlan session-timeout 1 disable
wlan wmm allow 1
wlan wmm allow 18
wlan security wpa disable 1
wlan security wpa disable 18
wlan radius_server auth add 1 1
wlan radius_server acct add 1 1
guest-lan radius_server auth add 1 1
guest-lan radius_server acct add 1 1
wlan dhcp_server 1 0.0.0.0 required required
wlan enable 1
guest-lan enable 1 -
Wired Guest Multicast Support ?
Is this feature available any latest WLC code ? Config Guides does not clear on this.
I found below config example for WLC 4.x & it stated this feature is not supported. Not sure if behaviour was modifed in any later release. I have checked with 7.x & seems not working.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml
Is there any way to get multicast working on wired guest (even in single controller environment) ?
Regards
RasikaHi Leo,
No, Normal wired guest user (like wireless guest users, we can create wired guest users traffic send to a anchor controller & then get an IP in a guest-lan configured on that)
My test setup is simple & having single WLC. I have crated a Guest LAN on a 4402 controller with vlan 139 as ingress (purly L2 & no gateway defined) & egress interface as vlan 130 (proper L3 gateway & DHCP defined)
When a PC put into vlan 139 switch port it is getting IP from vlan 130 as expected . Can browse with web pass through as I configured L3 security like that. I would like to know whether I could get multicast working for this wired guest user.
Hope that clear
Regards
Rasika -
ISE with CWA and wired guest access via WLC Anchor
Can an Anchor WLC (WLCa) provide a wired guest LAN service if the wlan guest access is using CWA?
We are deploying a WLAN only ISE solution (it is a full license ISE though) but they just want a few wired guest ports. I was hoping to add L2 switch to the DMZ where the WLCa is and that the L2 switch wouldnt need any other config as the WLCa just bridges the wired to the wlan vlan. This Im sure i have done before.
So now I have set wiredguest the same as i have done before ISE and my wired clients get an IP address, but when they redirect, the URL they get is different, and the redirect just doesnt work.
It comes out as:
https://my_ise_ip:8443/guestportal/Login.action?switch_url=https://my_ise_host/login.html&wlan=my_wired_guest_lan&redirect=www.google.co.uk
So does my simple L2 only switch need an ISE config on it or should the WLCa be handling or the redirection just as it would for a wlan device.The ISE never receives an auth entry, so i dont believe the redirect is working for the wired client. So even though the clients browser gets a redirect url which fails connection, the client info in the WLCa doesnt have a redirect ACL listed like a wlan client would
-
Having a heck of a time getting this to work.
First option is for the device to try and authenticate using Dot1X/EAP-TLS - for domain-connected devices only.
If that fails, they want the option to pop a CWA portal where they can enter either AD creds, or internal Guest user creds.
My challenge is the Policies and where to insert.
I'm using Policy Sets in ISE 1.2
Currently, I have these statements in the Default Policy Set:
Rule Name
Conditions
Permissions
Wired Guest Portal Auth
if Net Access:UseCase EQUALS Guest Flow
Permit Access
Wired Guest Redirect
if Wired_MAB
Wired CWA
What i figured is if they fail the .1X, they'll drop down here to Wired MAB, and that will initiate a redirect and Guest Flow.
Couple problems:
First, it does seem to try; a show auth sess shows the proper redirect URL getting sent to the switchport.
Unfortunately, my browser pop gives me a certificate not recognized error, and if i try to continue anyways, it doesn't do anything. Wireless Guest, which I copied works fine.
Second challenge is that it forces the redirect whether i have the switch (NAD) in Monitor Mode or Low Impact Mode. This is a problem because there are multiple sites, and we're cutting each over to Low Impact progressively.
Does anyone have any insight, or a document laying out in step by step terms implementing this?
thanks in advance.Hi Andrew! Yes, good job on fixing the portal issue!
And yes, the authorization rules are considered even in an open mode! And you are also correct that you will need to create different rules to account for NADs that are in production and for NADs that are in monitor mode. I have always liked using a separate Policy Set for Monitor Mode and a separate Policy Set for Production Mode. Then I used device location to match against these conditions. For each location I have two sub-groups: One for Monitor and one for Production. That way I can move a NAD from monitor mode to full production by simply changing its group.
Lastly, yes, your CWA rules should be at the bottom of your production authorization rules.
Thank you for rating helpful posts! -
Respected members of this community... :) I need help.
The last couple of days i spend implementing unified wireless at a customers site.
We used the latest versions of the controller and WCS software.
This new software offers a new feature, wired guest.
Since we already implemented 802.1x with a guest VLAN on the wired network last year, we wanted to offer the guest access functionality on the wired LAN as well.
So first we implemented wireless guest access, which worked fairly quickly.
Then we added another interface on the controllers, which matched the already existing wired guest VLAN. First we wanted to use that VLAN for wireless guests as well as wired, but we found out that is not possible (so we created a new wireless guest VLAN). Then we added a new WLAN wich we marked for wired guest.
Anyway, we followed the documentation and...could not get it to work.
The network is a layer 3 routed network with 40 or so VLANs. The controllers are connected to the core switch (with nicely configured trunks), which does all the routing.
DHCP is the first thing that didn't work. The interfaces we created on the controllers have the guest lan checkbox checked, ingress interface is the guest VLAN, egress interface is the mngt interface.
The DHCP relay function did not work.
DHCP will work with IP-helper configured on the VLAN interface on the core router, but this al goes outside of the controllers.
This is by the way the major thing i do not understand. With wireless, all traffic goes via de controller through the LWAPP tunel. But with wired, my layer 2 VLAN ends on the core switch, not on the controller.
So what should the default gateway be for that VLAN? The interface VLAN of the coreswitch or one of the controller IP adresses?
Traffic should be directed to the controllers (i guess?) to enable them to catch HTTP and send the redirect to the webauth page.
But if you set the default gateway to the controllers, DNS does not work because the controllers do not forward traffic untill after authentication, but for this to work, you need DNS for the client to start the HTTP session.
Is there anyone out there who has this working, including DHCP?
The customers network is flexible, we can build almost anything we want there, so iw we need to change something, we can.
Wireless guest was no problem at all, and de data WLAN, including 802.1x, auth on AD and dynamic VLAN assignment worked perfectly. So we did get something to work actually... :)Does this help?
<http://www.cisco.com/warp/public/102/wired_guest_access.pdf>
Also keep in mind that the clients and the controller needs L2 adjacency (i.e. the Guest-VLANs would need to be trunked directly to the controller where you define the Guest-WLAN).
I assume you have already deployed an anchor controller for wireless Guest traffic. So, the idea is to leverage the same EoIP tunnel infrastructure also for wired guest traffic. DHCP/DNS traffic should be blindly tunneled across this infrastructure, so your network services should be deployed in the anchor controller location (i.e. DMZ). Keep in mind again, that this design implements a logical L2 connection from the endpoints to the anchor controller.
Hope this helps, -
Hi
I have setup wireless guest access for a customer with a single 5508 and web authentication no problem at all. He then wanted to test wired guest access. The 5508 is currently connected to a single 3560 switch. The wired clients get a DHCP address OK but cannot reslove DNS and thus don't get redirected to teh guest login portal. I have even tried turning of all L3 security to no avail. The setup is as follows
VLAN 101 access points and 5508 management interface
VLAN 102 wired guest access dynamic ingress (L2 config only no SVI on 3560)
VLAN 103 wireless guest dynamic egress nterface L3 network with SVI on switch
VLAN 104 wired guest dynamic egress interface L3 network with SVI on switch
There are two DHCP pools setup on the WLC one for the VLAN 103 and one for the VLAN 104 subnets.
The internet router is also connected to the 3560 on a sepearte VLAN with an SVI. the 3560 has a default route to teh internet router and teh DHCP pools give the DHCP clients a default gateway of the IP address of dynamic interface 103 or 104. The Internet routre can ping the WLC on both these addresses.
LAG is enabled on teh WLC and VLANs 101-104 are trunked to it from the 3560.
I even tried making the wired guest egress interface the same one as for wireless. The wired clientys now got an IP address on the wireless range but still couldnt pass any traffic. It's like the intrenal bridging on teh WLC between VALN 102 and 104 (or 103) is broken. Tried both the lates 6.x and 7.x software on the WLC. Any ideas ? All the problems I can find with this seem to relate to not gettingas far as a DHCP address but that works fine.
Thanks
PatHi
Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC. -
Hi!
I enabled Wired Guest Access to connect Wired Ethernet Users to WLC. It doesn't explained on user guide how WLC does? If WLC strips 802.3 frame and encapsultes it with 802.11 or not. Any way, I couldn't redirect the ethernet flux to WLC and then to the external controller authenticator (Captive portal authentication). Need a help!
Cheers!In order to provide the wired guest access, the designated ports in the layer-2 access layer switch need to be configured on the guest VLAN by the administrator. The guest VLAN must be separate from any other VLANs that are configured on this switch. The guest VLAN traffic is trunked to the nearest WLAN local controller. The local controller tunnels the guest traffic across a EoIP tunnel to a DMZ Anchor controller. This solution requires at least two controllers.
Here is the URL for the Wired Guest Access using Cisco WLAN Controllers Configuration
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml#ancwlan -
Maximum number of wired guest clients ??
Does anybody knows which is the maximum number of simultaneous wired guest clients on a 5508? And in a 2112 controller?
Wired clients count as wireless clients??
What about anchoring limitations, what is the effect of wired guest clients on the anchor controller?2100 series WLC do not support Wired Guest Access.. 5500 wlc supports.. and i guess 5508 WLC can support max 150 simultaneous logins..
Lemme know if this naswered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
Wired guest access on WLC 4400 with SW 7.0.240.0
Hello,
after we upgrade our Wlan-controller 4400 from software 7.0.116.0 to 7.0.240.0
wired guest access don't work anymore.
All other things works fine, incl. WLAN guest access!
When we try wired guest access, we get the web-authentication page and can log in.
On the controller we can see that the Policy Manager State changes from WEBAUTH_REQD
to RUN.
But then there is no access to the internet.
We tried also SW 7.0.250.0, same problem!
Log Analysis on the WCS:
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :The WLAN to which client is connecting does not require 802 1x authentication.
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client does not have an IP address yet.
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L3 authentication is required
Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role update request. from Unassociated to Local Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.101.200.11
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role changed. State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :DHCP successful.
Time :03/12/2014 14:21:26 MEZ Severity :ERROR Controller IP :10.101.200.11 Message :Client got an IP address successfully and the WLAN requires Web Auth or Web Auth pass through.
Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client IP address is assigned.
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Webauth user logged in to the network. manni
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :AAA response message sent.
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
Trying http://www.google.de .... doesnt work. No Log Entries. Next entries while logging out.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Web auth is being triggered again.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L2 authentication has been completed successfully.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :WebAuth user Logged out from network.
Has someone a idea how to solve this problem?
Regards
ManfredHi
Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC. -
ISE Wired Guest + user without supplicant and dynamic vlan change
Hi All,
I have two issues:
Is it still an issue when a wired user who is directed to the ISE CWA, is able to stay authenticated as a guest for as long as they stay connected?
This is happening on our test pilot - a guest with 2 hour access on a wired connection can maintain the guest access for as long as they desire.
I hear that this isnt an issue for wireless, but yet to try this out. Is there a workaround for this?
Secondly my testing confirms that only users with a supplicant eg anyconnect NAM can be dynamically changed into a vlan (only tested on wired).
What I'd hope to do, is create a policy that when wired guest connect in, to dynamically change their vlan to the guest vlan (same one guest WLAN users will use).
Is this possible if the guest doesnt have a supplicant?One of my tasks was to rebuild the multiportal config, and looks like there was an option there to do a VLAN dhcp release and renew. I wont know if this will work until next week but it sounds promising. It was tucked down on the screen so I had to scroll down to find it...
Still dont have an answer about the guest able being able stay authenticated, or does this feature solve this issue as well? Only time will tell.. -
To the forum,
I am trying to create a guest wired network using my WLC 4402 (5.2.193.0). I have attached a diagram of basic lay out. I am using this document - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml - as a guide. The problem is I have a single WLC and not anchor in the DMZ. When I try to configure a ingress interface for the "WLAN" my only option is none.
My plan is trunk the layer 2 link that terminates on my perimeter firewall with both VLAN 199 (Guest wireless) and VLAN 198 (Guest Wired).
I would greatly appreciate any input or suggestions.
DougDoug,
You must create a "guest LAN" layer 2 interface on the WLC. This will be the ingress interface on the L2 vlan the wired guest will be in. Then the egress interface is going to be the L3 network those clients will actually have their IPs in.
Lee -
Wired guest access support on SRE G2
I have been trying to find info on support for wired guest access on SRE wireless module. Is it supported? Also, does 2100 wlc support it? I am running into sizing issues as I am seeing in documentation that it is supported on WiSM, 4400 (end of life), 5500, and 3750G (end of life). So, Am I only left with 5500? These are bunch of branch offices and do not know if having 5500 in each site is financially feasible. There is a requirement to have all these networks separate so we cannnot share controllers. Thank you in advance.
It's more like "all WLCs support what is in config guide unless stated otherwise".
http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps7206/ps7221/product_data_sheet0900aecd805aaab9.html
the Cisco 2100 Series enables administrators to securely manage WLANs and mobility services, such as enhanced security, voice, guest access, and location services."
It says nowhere that the SRE can't do wired/wireless. So it does the same as other WLCs from that point of view -
I am trying to allow guests on windows to connect to shares on my Lion server but it keeps asking for a password for guest. I have allow guest users to access this share enabled but it still does not work.
Ditto. Guest accounts shouldn't have a password. No way to enter one in System Prefs...
-
"Out of the box" or "out of my mind"? (Wired Guest from 4.1 to 5.X)
As we all know and love, the 1000 Series Access Points are no longer supported past 4.2. And I haven't quite heard the fate of the 1510 Mesh AP's either. However, I hate for this to prevent me from going to 5.X when the time comes right. Since I use Anchoring for Guest Access, and you are not supposed to anchor between 4.1 and 5.x I've come up with a "plan".
I'll leave all my 1000 Series and Mesh AP's on a 4.1 Mesh Controller and instead of anchoring the GUEST SSIDs to my DMZ Controller, I'm going to dump the WLAN to a Layer2 VLAN. On another controller at 5.x, I'm going to pick up this VLAN as a "Wired Guest". And then, I'm going to Anchor this to my DMZ Controller just like I do my Wireless Guest SSIDs.
In theory, any "Guest" users on the Mesh controller will dump on to the Wire in a VLAN that isn't routed, be picked up on the 5.x controller, be anchored to the DMZ controller, and dumped in to the DMZ like all other Wireless Guest Users.
I was waiting for 5.2 before I did it, but what do you think?I'm trying to get asimilar solution working: I have some autonomous AP350s which I'm not allowed to get rid of, and am trying to bring guest traffic from those APs in through my controller system as wired guests.
Haven't gotten it working yet - clients are not receiving DHCP offers (although the offers are making it back to the controller from the DHCP server). Will post resolution if/when I have one.
Maybe you are looking for
-
How to call SP automatically when issue a select clause?
I have a dw to get data from sql select like: select * from tab, proxytab where tab.id = proxytab.id ... the proxy table is created based on a stored procedure result set. When dw retrieve data, it will call sp automatically by proxy table. but there
-
Process order confirmation reversal
HI friends, I am cancelling a process order confirmation using T-code CORS. The confirmation cancellation is happening, but the goods movements are not reversed. Help in resolving will be much appreciated. Thanks in advance. Warm regards Vivek
-
Hello, I'm using a MacBook Snow Leapord and I'm trying to connect it with my Canon MP560 printer/scanner. I installed the CD and followed along with the manual and did everything it asked, at the end it told me it was finished. So then I went to go p
-
Shipping point not defaulting loading group for materials
Hello all, I would like to know how to set up a particular shipping point defaulting to particular loading group for certain group of materials. would this change has to be done manually in the material master or is there any customizing changes that
-
I am having problems with my Magic Trackpad. All I can do is move the cursor and single click. I using the most current version of Lion.