WRT1900AC Problems & Guest Access

Hello,
I'm fairly new to the forums and I have a WRT1900AC set up for a small business and it has been full of problems since the start. First there seems to have been a bit of false advertising on the router saying that it was open source ready. I suppose I should have done some research on the router before buying it so that's also a bit my fault as well. So it seemed like a decent enough router anyways with the standard firmware on it.
Using the standard firmware however has caused some problems. First just before the most recent firmware update (1.1.8.164461), using the old firmware (1.1.8.1619172) had a bug whenever I'd select in the settings the Connectivity -> Local Network tab the router would crash and lose all settings and remain unaccessable until a hard reset. Thankfully the most recent firmware update resolved that issue and I'm not getting that bug.
However, it still seems to be an issue for me with both firmware versions that the Guest Network doesn't function.  I've been able to set it up with network names, passwords, etc. When I try to connect to the guest network with any device I get a limited connectivity notification and no pages will display. As far as I know the device should be getting routed to a password page for full internet access, but that's just not the case.  I've tried with multiple devices, turning the feature off and on, rebooting the router, different network names with passwords and can't seem to get the guest network to work.  I've seen a suggestion of not using the 192.168.2.x subnet, but there's no such subnet currently in use on the local network.  Any suggestions on getting this part fixed?

Yes disabling DHCP will also disable the quest wireless because the router picks a subnet for the guest network and hands out IP Addresses for it via the DHCP Server.
Please remember to Kudo those that help you.
Linksys
Communities Technical Support

Similar Messages

  • WRT1900AC Guest Access

    Hello,
    I notice that the guest access feature only works if the DHCP server on the router is enabled. We have a Windows 2008 domain controller in our network which is hosting the DHCP service and we would rather not change this. Is there any way to make the guest access function work using a DHCP server *not* hosted on the router?
    Thanks

    Not sure if bridge mode would work for you and still allow Guest Zone or not. 
    You could try Cascade mode however this would introduce a 2ndary DHCP subnet on your system I think:
    http://kb.linksys.com/Linksys/ukp.aspx?vw=1&docid=169333b784cf4c78b8db5490f85c518a_Setting_.xml&pid=...
    You might want to phone Linksys support, ask for level 2 support or higher....

  • How do I disable guest access in the advanced web controls? E2000

    Due to cisco connect not connecting and my rouer having some problems I have reset it and gone straight into the advanced web control panel. I have everything set up and running, but I see no way to turn off guest access. I do not want any "guests" to be able to access my  E2000 router, how do I disable that in the advanced web control panel?

    sabertooth is correct. The Guest network is managed by Cisco connect software only.
    You can reset the router and reconfigure it manually.
    Press and hold the reset button on the router for 30 seconds. Release the reset button and wait for 30 seconds. Power cycle the router and reconfigure it manually.

  • WLC and ISE guest access COA

    We are migrating to ISE for guest access and are having problems with the COA being delivered after a successful authentication.  ISE attempts to send it but nothing changes on the WLC.  The message in ISE is Dynamic Authorization failed and a message that ISE didn't receive a response from the NAD, verify communication.  What is odd is the original guest request comes in from the IP address of the service port on the WLC but anything doing with the COA is seen from the management.  I have both IP's defined for the device in ISE.  I am about to do a session reauthentication within ISE and the WLC applies the changes.  I have verified that RFC 3576 is enabled, but the show radius rfc3576 stats shows no values.  The WLC is running 7.6.130.  I have attempted to debug on the WLC side to see if the message is even being delivered but non the debugs i have attempted seem to offer any good information.
    Anyone have any suggestions?  
    Thanks,
    Joe

    Hi Joe,
    I dont really know what you are trying to do with the COA , as it is used in the CWA solution and BYOD solution as well. But even before trying that , I would advise you to go step by step and solve the n/w issue first. You are able to see the request from service port which should not happen because then the incoming/outgoing traffic takes different path. You must be facing this situation as you might have some network routes matching ISE subnet/Ip address in the GUI>Controller>Network routes as there is no need of those routes. If the service port needs to be used during controller down scenario then use a laptop in the same subnet of Service port ip and connect to the service port.
    Regards
    Dhiresh
    **Please rate helpful posts**

  • Wired guest access with 5508

    Hi
    I have setup wireless guest access for a customer with a single 5508 and web authentication no problem at all. He then wanted to test wired guest access. The 5508 is currently connected to a single 3560 switch. The wired clients get a DHCP address OK but cannot reslove DNS and thus don't get redirected to teh guest login portal. I have even tried turning of all L3 security to no avail. The setup is as follows
    VLAN 101 access points and 5508 management interface
    VLAN 102 wired guest access dynamic ingress (L2 config only no SVI on 3560)
    VLAN 103 wireless guest dynamic egress nterface L3 network with SVI on switch
    VLAN 104 wired guest dynamic egress interface L3 network with SVI on switch
    There are two DHCP pools setup on the WLC one for the VLAN 103 and one for the VLAN 104 subnets.
    The internet router is also connected to the 3560 on a sepearte VLAN with an SVI. the 3560 has a default route to teh internet router and teh DHCP pools give the DHCP clients a default gateway of the IP address of dynamic interface 103 or 104. The Internet routre can ping the WLC on both these addresses.
    LAG is enabled on teh WLC and VLANs 101-104 are trunked to it from the 3560.
    I even tried making the wired guest egress interface the same one as for wireless. The wired clientys now got an IP address on the wireless range but still couldnt pass any traffic. It's like the intrenal bridging on teh WLC between VALN 102 and 104 (or 103) is broken. Tried both the lates 6.x and 7.x software on the WLC. Any ideas ? All the problems I can find with this seem to relate to not gettingas far as a DHCP address but that works fine.
    Thanks
    Pat

    Hi
    Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
    The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC.

  • LWA Guest Access with ISE and WLC

    Hi guys,
    Our Company try to implement Guest Access with ISE dan WLC with Local Web Auth Method. But there is problem that comes up with the certificate. This is the scenario :
    1. Guests try to connect wifi with SSID Guest
    2. Once it connect, guests open the browser and try to open a webpage (example: cisco.com)
    3. Because, guests didn't login, so it redirect to "ISE Guest Login Page" (url became :
    https://ise-hostname:8443/guestportal/Login.action?switch_url=https://1.1.1.1/login.html&wlan=Guest&redirect=www.cisco.com/
    4. If there is no ISE Guest Login Page installed, message Untrusted Connection message will appear, but it will be fine if they "Add Exception and install the certificate"
    5. After that the Guest Login Page will appear, and guests input their username and password.
    6. Login success and they will be redirected to www.cisco.com and there is pop up from 1.1.1.1 (WLC Virtual Interface IP) with logout button.
    The problem happen in scenario 6, after login success, the webpage with ISE IP address and message certificate error for 1.1.1.1 is appear.
    I know it happened when guests didn't have the WLC Login Page Certificate...
    My Question is, is there a way to tunneling WLC Certificate on ISE ? Or what can we do to make ISE validate WLC Certificate, so guests doesn't need to install WLC Certificate/ Root Certificate before connect to Wifi ?
    Thx 4 your answer and sorry for my bad English....

    Thx for your reply Peter, your solution is right,
    i don't choose CWA, because their DNS is not stable...
    i've found the problem...
    the third-party CA is revoked, so there is no way it will success until it fixed...
    and there is no guarantee, they will fix it soon..
    so solution that we choose is by disable "HTTPS" on WLC...
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable".
    "config network web-auth secureweb disable"
    thank you all...

  • ISE guest access - can't match on Optional Data fields

    Hi all
    I need to have 2 different types of guest users that will get different level of access with DACL / Airspace ACL
    I thought that best way to do that is simply matching one of optional data fields you can setup in Sponsor Portal
    Unfortunately as soon as I reference Optional Data field in Authorization rule I get no match. Can't also match on username which would not help anyway.
    getting redirected, login, getting redirected again etc.......
    This is affecting both wireless and wired.
    As soon as I remove that additonal condition from authz rule guest access works fine - getting redirected, log in, surf the internet.
    Is this is bug with ISE that you can't match guest optional data fields?

    Hi evnafets,
    You were right. How silly I am didnt see that small thing- but STILL PROBLEM IS UNSOLVED.
    [ore]
    java.sql.SQLException: [Microsoft][ODBC Microsoft
    Access Driver] Missing ), ], o
    r Item in query expression 'Post_Date LIKE
    to_date('04-06-2005',' dd/MM/yyyy''.
    Like it says, you have a missing ")" character
    rs=stmt.executeQuery("SELECT Name FROM
    NoticeBoardTable WHERE Post_Date LIKE to_date('"+
    date_str+"', 'dd/MM/yyyy' <--HERE NEED A CLOSING
    BRACKET ");
    When I did this it said to_date function is not available that because Ms-access doesn't have this function. Then I just changed the query to:-
    rs=stmt.executeQuery("SELECT Name FROM NoticeBoardTable WHERE Post_Date LIKE "+ date_sql ); . Although it didnt generate any exception, but dont show any record.
    But even better would be to use a prepared
    statement.
    String sql = "SELECT Name FROM NoticeBoardTable
    WHERE Post_Date LIKE  ?";
    PreparedStatement stmt = con.prepareStatement(sql);
    stmt.setDate(1, date_sql);
    ResultSet rs = stmt.executeQuery();
    I had prepared statement in my final servlet, I made this one just to check why its not working on dates. Also on your advice I changed it to prepared statement. It runs fine but didn't show any record with date 04-06-2005 although I have it in my database (not generating any exception).
    I print the sql date throuht servlet just to check , its showing 2005-06-04. May be its formate problem.
    Thanks
    Regards

  • E4200 Wireless Guest Access issue

    Hello, I'm hoping someone can point me in the right direction. I have the wireless guest access set up in my E4200 flash to the latest firmware. 
    When I connect to the wireless guest network it comes up under the 192.168.33.xx IP address. I can connect fine but it never pops up the browser so that you can type in the guest password. I'm running Windows 7 but I've also noticed the exact same problem under XP.
    The only thing I can guess is the problem is that I have this acting like an access point and all DHCP requests go to my router. I've basically turned off DHCP on this and plugged the network connection into the switch on the back. 
    Any suggestions?
    Thanks
    Josh

    If I go to 192.168.33.1 it does pop up the browser but when I enter the password It just hangs. Not sure if it was connected or not. Is there no way to pop up the browser automatically?

  • Unified wireless guest access

    Hi I need help in configuring unified wireless guest access. i have followed the guide
    http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch10GuAc.html#wp999843.
    But the problem is it still does not work. what i dont get is that the interface for the Guest SSID for the foreign controller is management, does this mean that i have to get an IP address first from the management segment before i can get an IP from the anchor WLC?
    my setup is that i have an anchor controller which is on a different LAN from where my foreign WLC is. the anchor WLC has the DHCP scope and the local net user database. I have already join the two WLC to each other's mobility group. also i have configured the mobility anchor on the WLAN(SSID) of the foreign controller.
    Another thing is that the AP im trying to use is on a different site from where my controller is. Im not sure if this is the one causing problem.
    Can someone help point out my mistake.

    Its rare that I have a difference in opinion from both of you guys but let me share with you an issue I had.
    If you map the foreign controller to the management interface and the tunnel breaks for whatever reason the clients will get dumped on the management interface, even though the WLAN is anchored to the DMZ controller.
    I know this becuase I seen this for my self when I had anchor issues.
    I opened a tac case and it was suggested to use a "dummy interface" on the foreign controller. I forget who I spoke to, this is over a year now. But I then followed up witha Cisco SE on the Advance Wireless team and he commented this is what they do as well. And to add further, a large hospital system here in the Tex Med center had Cisco advance team install their controllers and they too had dummy interfaces for the foreign controllers for guest.
    Just my 2 cents ... Add a dummy interface call he dummy_guest_interface and tie it to 222.222.222.222 or something like ... no need to add anything on the wired.

  • Guest access with CWA on ISE

    Hi support community
    we just implemented CWA for wireless guest access using ISE. however we have an issue, the redirect URL is a name, not an IP address, and the guest dhcp scope use public DNS servers, so CWA doesn't work unless we set the company DNS servers.
    so my question... is there a way to configure ISE to send the ip address instead the name for redirection in CWA?
    Many thanks in advance...

    Hi, thanks for answering...
    Yes the problem is that public DNS servers obiously can't resolve ISE servers names. Additionaly the guest VLAN has an ACL blocking all the traffic destined to internal resourses with some exceptions (DHCP, DNS and ISE port for CWA).
    however, guest can access to some company services, but as if they were located on internet, ie through the public ip address, so if we use internal servers, they resolve the internal ip address and connections fails. the Muhammad suggestions could be the solution for the problem....but now is something to discuss with the DNS server administrator...
    thanks

  • E4200v2 Bridge Mode + Guest Access: No DHCP IP's assigned?!

    New E4200v2 on 2.0.37.  In "Bridge Mode - DHCP" (i.e. Access Point not router).  Guest Access is enabled & SSID broadcast.  Dhcp Server is disabled, because my main Sonicwall router is providing that for main LAN 192.168.1.0.
    PROBLEM = Client PC can see "-guest" SSID fine and associate to it, BUT PC does NOT receive a DHCP IP address (i.e. 192.168.33.x) therefore the browser login page never appears and guest access does not work.
    I'm pretty sure that it's all related to DHCP.  I'm assuming that the E4200 is not receiving or sending guest DHCP packets with the client PC.
    I seen Guest Access work on the older E4200v1's before so I know what it should look like.
    Can anyone suggest any likely reasons why my E4200v2 wouldn't be providing DHCP guest addresses in the 192.168.33.0 subnet?
    I only have 24 hrs until I have to deploy 2 new E4200v2's at a remote site, and after that it's going to be really hard to troubleshoot because I won't be at that site.
    Thanks in advance for any expert advice!
    Solved!
    Go to Solution.

    When you're in bridge mode DHCP server option goes away.  And I don't care if DHCP requests are getting to my Sonicwall b/c that device is not going to assign the Linksys Guest IP's... E4200 must do that, apparently in a totally hidden way.
    In any case, I don't have any more time to waste on E4200v2's so I'm going to try some E4200v1's which I just happen to have handy, thankfully.
    If Bridge Mode + Guest Access works better on the V1's then I'll retreat back to that older more obsolete hardware. 
    I'll report back later.
    (In meantime if anyone else cares to offer their knowledge experience about this, V2 or V1, I'm all ears)
    gv wrote:
    Do guests get an IP address if you enable the DHCP server?
    Do you see guest DHCP requests on your sonicwall?

  • Windows 7 and Wireless Guest Access

    Dear All, one of my Customers uses 4400 based Guest Access Solution with L3 Webauth. With XP everything works Fine. Since the Migration to Windows 7, Guest Access is not working correctly. It takes a long time to get an IP Address via DHCP, sometimes it idles to 169.xxx. If an IP Address is provided, the Redirect will not work. Has anybody seen similar Problems with Win7 or a Solution?
    Regards, Michael

    Found a solution for the "Boot Camp x64 is unsupported on this computer model" message. Here is the link: http://www.techulous.com/hardware/how-to-apple-boot-camp-64-bit-for-windows-7-on -unsupported-macs.html
    Everything works ( for ) now. Yay!

  • Guest Access - Layer 2 security WPA PSK - Layer 3 security web auth

    I am not able to test this.
    Has anybody configured the CUWN guest access with WPA PSK layer 2 and Web authentication layer 3
    If so are there any problems that I should expect
    Mark

    Mark,
    I have setup wireless in two other compainies related to Rail... The biggest issue will be who will support the guest users and will they take the responsibility. Their security team didn't want that and were fine with tunneling the users to either a dmz or seperate Internet connection. Will dhco release the address... Not right away. You can play around with the lease tim and see if your laptop keeps getting the same address or one higher. If the isue is with dhco being used up from association, then don't broadcast the ssid and have the receptionist hand out the ssid with username and password. My clients use a default username and passowrd but changes that every week. They seem to prefer that over changing it every day or have a username passeor for every guest user. They use wcs to print out the guest credentials. Again, the network team has the recepionist doing this, so they made sure that they are not making too much extra work for them or else they would have to be responsible for guest users.
    Hope this helps.

  • Wired guest access on WLC 4400 with SW 7.0.240.0

    Hello,
    after we upgrade our Wlan-controller 4400 from software 7.0.116.0 to 7.0.240.0
    wired guest access don't work anymore.
    All other things works fine, incl. WLAN guest access!
    When we try wired guest access, we get the web-authentication page and can log in.
    On the controller we can see that the Policy Manager State changes from WEBAUTH_REQD
    to RUN.
    But then there is no access to the internet.
    We tried also SW 7.0.250.0, same problem!
    Log Analysis on the WCS:
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :The WLAN to which client is connecting does not require 802 1x authentication.
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client does not have an IP address yet.
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L3 authentication is required
    Time :03/12/2014 14:21:23 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role update request. from Unassociated to Local Peer = 0.0.0.0, Old Anchor = 0.0.0.0, New Anchor = 10.101.200.11
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Mobility role changed. State Update from Mobility-Incomplete to Mobility-Complete, mobility role=Local, client state=APF_MS_STATE_ASSOCIATED
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :DHCP successful.
    Time :03/12/2014 14:21:26 MEZ Severity :ERROR Controller IP :10.101.200.11 Message :Client got an IP address successfully and the WLAN requires Web Auth or Web Auth pass through.
    Time :03/12/2014 14:21:26 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client IP address is assigned.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Webauth user logged in to the network. manni
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :AAA response message sent.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
    Time :03/12/2014 14:22:01 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client has completed Web Auth successfully.
    Trying http://www.google.de .... doesnt work. No Log Entries. Next entries while logging out.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Web auth is being triggered again.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client L2 authentication has been completed successfully.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :Client Moved to DHCP Required State.
    Time :03/12/2014 14:36:20 MEZ Severity :INFO Controller IP :10.101.200.11 Message :WebAuth user Logged out from network.
    Has someone a idea how to solve this problem?
    Regards
    Manfred

    Hi
    Yes got it resolved. It turns out that the connection from the wired guest access port to the WLC must be L2. That is the switch that the wired guest acces sport is connected and WLC are connected to must be L2 only. We were using a single switch to do the testing and it was also doing the routing for the test LAN. Even though there was no L3 VLAN interface configured for the VLAN that the guest access port was on for some reason this breaks it. Absolu Didnt have chance to work out the exact limitations of this as we simply made the switch L2 only and configured an 802.1Q trunk to the Internet router and made subinterfaces on the router for the wired and wireless egress ports and it worked then. No config change was needed on the WLC at all.
    The only thing I can think of is that it's something about the way the WLC joins the wired guest access ingress VLAn and egress VLAN. The WLC isn't a reall router it says so in the documentation. I think the packet coming from the wired access port is being bridged to the egress VLAn not routed and this is what screws it up (remeber with a router the source and destination MAC addresses would be changed with a bridge they aren't). Got to be something along those lines. If you have a bigger newtork with a guest anchor WLC handling this function you dont run into this as the traffic is coming over an EOIP tunnle from the remote WLC so the switch with the guest anchor WLC doesnt see the MAC address of the wired guest PC.

  • Guest Access Redirect accepting AD credentials

    I have a 2106 controller with a guest access SSID on a isolated vlan 192. The guest SSID is setup for webauth and redirects all traffic to the isolated vlan 192. There is a RADIUS server handling AD authentications on the native management vlan. The dhcp scope on the guest access (192) vlan resides on a watchguard firewall. When I connect to the guest SSID with a WLC resident account and password I am allowed internet access fine. When I use a AD account and password from the rest of the network I am also allowed on fine. Anyone seen this before? I should not be able to even to see the AD server from the isolated VLAN much less have the controller see it as a valid login. I get an IP address from the isolated vlan and I can not ping my protected (all other vlans) network. The problem is I can not monitor content easily or filter where my AD users are going if they connect to the guest SSID. Code is older version 4.0.217.0 and I will upgrade unit to 4.1.185 this week but I suspect the problem will still exist.

    I am posting this as I have found my problem. This is bug number CSCsh35098. In this bug the if the Web account for the local user fails then the authentication request will be forwarded to a RADIUS server if one is configured on the controller. It over rides the WLAN setting to not have a RADIUS authentication. The work around is to change the RADIUS authentication from PAP to CHAP or MD5-CHAP as this will not allow the RADIUS to authenticate.

Maybe you are looking for

  • Can I view the photos in my Pictures folder as a slide show

    I store my photographs in the Pictures folder (Album?) rather than any other app. I have organised my photos into folders within this main folder. Is there a way to view the photos in a particular folder as a slide show? This was possible in my Windo

  • Always same ken burns effect in imovie HD 6?

    Hi, When creating a slideshow in iPhoto, the app appropriately randomizes the speed and direction of the Ken Burns Effect that it applies to the various pics. When adding photos to iMovie '08, it does the same (as far as I can tell). But when adding

  • OT: Miro Video Converter

    This is a head's up to anyone looking for Video converters.  I had the misfortune of downloading the latest free Miro Video Converter. I was horrified by all the garbage software it attempted to install on my system. Nevertheless, I used the Advanced

  • Bummer - Bose headphones don't seat in the earphone jack

    Neither my noise canceling earphones or my good ear bud ones.... Somebody is going to make a bunch of $$ making an adaptor...

  • Blue background by picture on iweb page when online

    Hello, When i uploud pictures on my website they have a bleu background. And i have make the backgrounds transparant in photoshop. Can anybody tell my thats posible.. thanx, remco