Guest WLAN setup?

Unanswered Question

We have just set up a WLAN. We have a 4402 controller and 1131AG access points.


We have a lot of consultants, guests, presenters, etc. roll through who need Internet access. I'd like to setup a WLAN that is seperate from our production network and gets them to the Internet.


I have a DMZ I could set up for this use, but I'm wondering how best to set up the guest WLAN.


Our network is not currently configured for VLANs, so the production WLAN is not configured for VLAN.


Any ideas greatly appreciated.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (3 ratings)
Loading.
planzone Tue, 04/08/2008 - 18:00
User Badges:

I have no expierience with a 4402 controller so I cannot comment on that. However, do you happen to have a boradband connection as well coming in to your site besides your T1 circuits that your production net work uses?

You can create vlans to segregate the networks. I know in the 1200 series you can create up to 16 vlans i believe. Anyhow .. not sure If I pointed you in the direct direction. But to me it sounds like anyway you go will require some sort of vlanning.

Scott Fella Tue, 04/08/2008 - 19:35
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

The easiest way is to have one port seupt for trunking that your management and ap-managers will use (port 1). Then create another dynamic interface for your guest traffic and that will be on a different port on the 4402 (port 2). Connect that to your DMZ and you should be good to go. You can setup the dynamic interface for any vlan... doesn't matter since you will connect that directly into your DMZ.

akobwaycct Tue, 04/08/2008 - 22:37
User Badges:

hi Fella,


i am very much interested in doin the same thing ans i think your suggestion could help solve my problem,but i don really understand part of what u are saying.


say i create native vlan for management and ap-managers and use port one for that particular vlan.

the create a guset vlan anf have it passing through port 2 all the way to the DMZ.is that what you are saying ??


my current situation is that i have two vlans,vlan 1 which has the corporate wlan and vlan 4 which was created for guests all the vlans are allowed to pass through port 1.my problem is that guests clients cannot get dhcp addresses from the scope that i create either in the controller or in the switch.It only gets addresses from the vlan 1,which is on the corporate network.and on the other side if i create another native vlan for the corporate wlan the aps are not able to register with the controller.how do i get around this ?





akobwaycct Wed, 04/09/2008 - 02:05
User Badges:

i managed to spot my mistake,the cause of the problem was that i did not create a dnamic interface to use for my guest vlan.

Scott Fella Wed, 04/09/2008 - 04:07
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

What you should also do is create a custom webauth that uses a login. this page will also contain your terms and conditios for using the guest wireless. username and passwords are managed on the controller and you can change the username and password every week or so to prevent vendors from letting some of your internal staff know the username and password... which they want to know since they see it as open access. if you prefer not to use a username password scenerio, then use a passthough, in which the guest user has to accept the terms and conditions.

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode