Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
587
Views
13
Helpful
5
Replies

Guest WLAN setup?

dan
Level 1
Level 1

‎04-08-2008 01:09 PM - edited ‎07-03-2021 03:41 PM

We have just set up a WLAN. We have a 4402 controller and 1131AG access points.

We have a lot of consultants, guests, presenters, etc. roll through who need Internet access. I'd like to setup a WLAN that is seperate from our production network and gets them to the Internet.

I have a DMZ I could set up for this use, but I'm wondering how best to set up the guest WLAN.

Our network is not currently configured for VLANs, so the production WLAN is not configured for VLAN.

Any ideas greatly appreciated.

Labels:
0 Helpful
5 Replies 5

planzone
Level 1
Level 1

‎04-08-2008 06:00 PM

I have no expierience with a 4402 controller so I cannot comment on that. However, do you happen to have a boradband connection as well coming in to your site besides your T1 circuits that your production net work uses?

You can create vlans to segregate the networks. I know in the 1200 series you can create up to 16 vlans i believe. Anyhow .. not sure If I pointed you in the direct direction. But to me it sounds like anyway you go will require some sort of vlanning.

Scott Fella
Hall of Fame
Hall of Fame

‎04-08-2008 07:35 PM

The easiest way is to have one port seupt for trunking that your management and ap-managers will use (port 1). Then create another dynamic interface for your guest traffic and that will be on a different port on the 4402 (port 2). Connect that to your DMZ and you should be good to go. You can setup the dynamic interface for any vlan... doesn't matter since you will connect that directly into your DMZ.

-Scott
*** Please rate helpful posts ***

akobwaycct
Level 1
Level 1
In response to Scott Fella

‎04-08-2008 10:37 PM

hi Fella,

i am very much interested in doin the same thing ans i think your suggestion could help solve my problem,but i don really understand part of what u are saying.

say i create native vlan for management and ap-managers and use port one for that particular vlan.

the create a guset vlan anf have it passing through port 2 all the way to the DMZ.is that what you are saying ??

my current situation is that i have two vlans,vlan 1 which has the corporate wlan and vlan 4 which was created for guests all the vlans are allowed to pass through port 1.my problem is that guests clients cannot get dhcp addresses from the scope that i create either in the controller or in the switch.It only gets addresses from the vlan 1,which is on the corporate network.and on the other side if i create another native vlan for the corporate wlan the aps are not able to register with the controller.how do i get around this ?

0 Helpful

akobwaycct
Level 1
Level 1
In response to akobwaycct

‎04-09-2008 02:05 AM

i managed to spot my mistake,the cause of the problem was that i did not create a dnamic interface to use for my guest vlan.

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to akobwaycct

‎04-09-2008 04:07 AM

What you should also do is create a custom webauth that uses a login. this page will also contain your terms and conditios for using the guest wireless. username and passwords are managed on the controller and you can change the username and password every week or so to prevent vendors from letting some of your internal staff know the username and password... which they want to know since they see it as open access. if you prefer not to use a username password scenerio, then use a passthough, in which the guest user has to accept the terms and conditions.

-Scott
*** Please rate helpful posts ***
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card