pre-sale question

Aug 12th, 2010

We are looking into purchasing one 4402 with 8 AIR-LAP1142. I was wondering what would be the best way to segregate guest access from employee access to our network. I was told that if a known laptop (known MAC address) connects to the AP you can have it so it receives an IP on a specific subnet that you allow into your network. And if you have an unknown MAC address (guest) connecting you can have it receive an IP on a different subnet which is allowed Internet use only. If this is the case will I need to send both those subnets (VLANs) down to the controller over trunk ports of an aggregating (say 2960) switch? Is there a better/easier way? Thanks, Vinny

Nuttea Jirattiv... Fri, 08/13/2010 - 03:43

I think you can create separate SSIDs for internal access and guest access.

1. Internal SSID -> non-broadcast, WPA/WPA2 personal/enterprise, internal VLAN

2. Guest SSID -> Open with Web-authentication, use the WLC lobby account to generate temporary guest accounts (a guest account can be set to expire), all guest clients will use the guests' separate VLAN with security, e.g. access-list or firewall policy

vbarletta Fri, 08/13/2010 - 05:55

Thanks for the reply.  As far as connectivity from each AP, do I set-up trunk ports to each of them on the switch that connects to the controller?

Nuttea Jirattiv... Fri, 08/13/2010 - 06:05

Yes, in Local mode access point. We only need a trunk at WLC ports that connect to a switch. This will support multiple VLANs for each SSID.

And usually use LAG mode on WLC together with Etherchannel port on switch side for redundancy.
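
The layout discussed in this thread, written out as a switch-side configuration. This is an added example, not something posted by a participant: the VLAN IDs (10, 20, 99), interface numbers, the 192.168.20.0/24 guest subnet, the ACL name, and the assumption that the guest gateway also answers DNS are all placeholders, and the ACL is assumed to sit on whatever Layer 3 device routes the guest VLAN.

```cisco
! Added example; VLAN IDs, ports, subnets and names are assumptions.
!
! --- Catalyst 2960 (Layer 2 aggregation switch) ---
vlan 10
 name EMPLOYEE
vlan 20
 name GUEST
vlan 99
 name WLC-AP-MGMT
!
! LAG to the 4402: the WLC does not negotiate LACP or PAgP, so the
! channel is forced on. Only the VLANs the WLC needs are allowed,
! and DTP negotiation is disabled on the trunk.
interface range GigabitEthernet0/1 - 2
 description WLC-4402 distribution ports
 switchport mode trunk
 switchport trunk allowed vlan 10,20,99
 switchport nonegotiate
 channel-group 1 mode on
!
! Local-mode APs tunnel client traffic to the WLC, so their ports are
! plain access ports in the management VLAN rather than trunks.
interface range GigabitEthernet0/3 - 10
 description AIR-LAP1142
 switchport mode access
 switchport access vlan 99
 spanning-tree portfast
!
! --- Layer 3 gateway for the guest VLAN (router or L3 switch) ---
! Guests may get DHCP and DNS from the gateway, are denied all
! RFC 1918 space (the internal network), and may reach the Internet.
ip access-list extended GUEST-INTERNET-ONLY
 permit udp any eq bootpc any eq bootps
 permit udp 192.168.20.0 0.0.0.255 host 192.168.20.1 eq domain
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.20.0 0.0.0.255 any
!
interface Vlan20
 description Guest gateway
 ip address 192.168.20.1 255.255.255.0
 ip access-group GUEST-INTERNET-ONLY in
```

After applying it, `show interfaces trunk` on the switch should list only VLANs 10, 20 and 99 on the port channel, and a client on the guest SSID should fail to reach any internal address.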
