configure guest wlan on wlc 2106 to give only internet access to guest users

Unanswered Question
Aug 23rd, 2010


I have wlc 2106 which is connected to my l3 switch 4503 , I have configured wlc 2106 with one wlan but now i would like to get one more wlan which will have access for only internet to guest users  ...

What should i do on WLC 2106 or what commands are useful to fulfil this requirements.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
purgrider Tue, 09/28/2010 - 16:41


Hopefully you've found a solution by now, but I wanted to respond anyway in case others find this useful.

There are quite a few options for Guest WLANs.  The answer to your question depends on the security policies where the controller is being deployed.  If you are allowed to have an open WLAN, that's probably the easiest solution - but is also the least secure as it does nothing to prevent unauthorized access to the wired network.

Another solution would be to create an SSID with only a single user account authorized on it, but allowing unlimited similtaneous logins for that user account.  This would provide a minimum level of security, is relatively simple to configure, but would not work with the security requirements of most organizations.

The most secure guest wireless network would employ some kind of temporary authorization utilizing guest accounts, WPA2 encryption, and tunnel the guest traffic off your organization's LAN  - but this sounds like overkill for your needs and would require a 4400 or 5500 series WLC.

My recommendation would be for you to read "Deploying and Troubleshooting Cisco Wireless LAN Controllers," available from Cisco Press.  It goes through many possible guest network scenarios.

If you can reveal any of your security requirements and more details of the guest network you envision, I can provide more specific advice.

Best of luck!



This Discussion