Respected members of this community... :) I need help.
The last couple of days I spent implementing unified wireless at a customer's site.
We used the latest versions of the controller and WCS software.
This new software offers a new feature, wired guest.
Since we already implemented 802.1x with a guest VLAN on the wired network last year, we wanted to offer the guest access functionality on the wired LAN as well.
So first we implemented wireless guest access, which worked fairly quickly.
Then we added another interface on the controllers, which matched the already existing wired guest VLAN. First we wanted to use that VLAN for wireless guests as well as wired, but we found out that is not possible (so we created a new wireless guest VLAN). Then we added a new WLAN which we marked for wired guest.
Anyway, we followed the documentation and...could not get it to work.
The network is a layer 3 routed network with 40 or so VLANs. The controllers are connected to the core switch (with nicely configured trunks), which does all the routing.
DHCP is the first thing that didn't work. The interfaces we created on the controllers have the guest lan checkbox checked, ingress interface is the guest VLAN, egress interface is the mngt interface.
The DHCP relay function did not work.
DHCP will work with IP-helper configured on the VLAN interface on the core router, but this all goes outside of the controllers.
This is by the way the major thing I do not understand. With wireless, all traffic goes via the controller through the LWAPP tunnel. But with wired, my layer 2 VLAN ends on the core switch, not on the controller.
So what should the default gateway be for that VLAN? The interface VLAN of the core switch or one of the controller IP addresses?
Traffic should be directed to the controllers (I guess?) to enable them to catch HTTP and send the redirect to the webauth page.
But if you set the default gateway to the controllers, DNS does not work because the controllers do not forward traffic until after authentication, but for this to work, you need DNS for the client to start the HTTP session.
Is there anyone out there who has this working, including DHCP?
The customer's network is flexible, we can build almost anything we want there, so if we need to change something, we can.
Wireless guest was no problem at all, and the data WLAN, including 802.1x, auth on AD and dynamic VLAN assignment worked perfectly. So we did get something to work actually... :)