Looking for input on Guest Vlan subject.
How can I avoid routing of Guess VLAN traffic to DATA VLAN, any traffic from Guest VLAN should be routed to Internet directly.
Looking for similar setup as in Hotels, Guest are provided with username/password with time duration to access internet and limit the download speed.
Do I need to create another SSID on the WLC and how the guest users will acquire ip, from WLC DHCP or Windows DHCP.
If its Windows DHCP then Guest traffic reaches my Data VLAN
We got WLC 4420 ----- Do you mean a 4402-xx
AP 1200 series ( 5 in quantity )
I am new to WLC, can you help me to understand
- How many SSID we can configure on WLC, does each ssid can have different config parameters.
The AP's and the Code you might have will only support 8-16. You don't want to configure too many (best practice is around 4) because of all the beacons that needs to be sent might cause issues with certain devices. You can configure eash ssid the same of different, it is up to you. Follow best practices on this.
- can we broadcast specific SSID on AP configured with WLC ( AP#1 can be used for SSID DATA & SSID Guest ) ( AP#2 can be SSID Guest & SSID Partners )
You can create WLAN Override (depends on code - http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807669af.shtml) to specify what AP's will braodcast what SSID's. This can be messy if you have gaps for roaming, unless that is not an issues.
- For Guest SSID is it recommended to connect to a seprate port on WLC
You have different options:
- You can use a guest anchor controller in you DMZ
- You can use one port on the WLC connected to your internal network and the other port to the DMZ
- You can trunk vlans and use ACL's to block guest traffic from inside networks.
All this depends on you current infrastructure and if you plan on buying more equipment or use the existing.
- Instead of creating Guest Users on WLC with time restriction, can this be done third party with ease of management. ( Office secretary can give access to internet to guest )
You can use a NAC Guest Server... if you want to spend a lot of money. You can configure a Lobby Admin account on the WLC so that the secretary has only read/write to add guest accounts. This would be the same if you have WCS with a lobby admin account.
- How to have bandwidth control on WLC, restrict users with bandwidth limit
You would need to use a 3rd party tool for this like ZoneCD or again you can use the NAC Guest Server.
Any configuration sample link with one Internet connection having DATA and Guest VLAN using ACL to restrict the traffic.
I put some links above... hope this helps. Again, it will come down to your existing environment and how much more you want to spend. You also have to look at the time it might take to setup, will the secertary want to do this, etc? How I see guest access..... well.... they go out a seperate internet pipe, so I don't really care about bandwidth. Its guests so they would have to deal with that anywhere the go, even hotspost or even worse hotels:) Make it simple and make it work... then you can add to that later when you get more familiar to configuration and troubleshooting.