×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Problem setting up guest network wap321

Endorsed Question
Jan 8th, 2014
User Badges:

Hi, i am setting up the wap321 with the latest firmware revision. I have a vid 1 set up for my main network and works fine. I want a seperate network for guests, setting up a second network with anything other than vid 1 does not let me connect. When I assign vid 1, it works, but it's not a seperate network as i can still access pc's here. Please advise, not sure what i am missing.                  

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Eric Moyers Wed, 02/05/2014 - 13:28
User Badges:
  • Silver, 250 points or more

While what I am fixing to share is not in any way a great solution, It can be utilized as a workaround.

With the WAP321, after trying a few different scenarios that didn’t work. I simply set with two vlans, attached Guest vlan to the Guest SSID and changed the Management VLAN to match the Guest vlan ( In my case 2). This allowed me to authenticate to my guest SSID portal and get an IP and get out to the internet. The Main SSID still worked normally.

Now for some caveats:

Problem: If a wireless client knows the IP of the WAP and the username and password they could get into the WAP.

Solution: Setup Management Access Control to an IP outside the DHCP scope for that VLAN and have a Strong Password.

Problem: Management of the WAP321 can only be from an IP on the Management VLAN. (In my case 2)

Solution: Setup Management Access Control to an IP outside the DHCP scope for that VLAN and have a Strong Password.

Not the very best solution, but the only workaround I can come up with for now.


Thanks

Eric Moyers    .:|:.:|:.

Cisco Small Business US STAC Advanced Support Engineer

Wireless Subject Matter Expert

CCNA, CCNA-Wireless

866-606-1866

Mon - Fri 09:30 - 18:30 (UTC - 05:00)

*Please rate the Post so other will know when an answer has been found.

Eric Moyers Thu, 02/06/2014 - 07:27
User Badges:
  • Silver, 250 points or more

Yes this works with the WAP100, 300 and 500 Series Access Points. However it does not pertain to the AP541N.



Eric Moyers

JoseOlivas Thu, 02/06/2014 - 12:37
User Badges:

Is there any idea from Cisco that there may be a fix in the works for this?  I can't see how such a "secure" company and a $300+ unit can have such a flaw.  I am considering a competitor such as Rukus. 

mpyhala Thu, 02/06/2014 - 12:48
User Badges:
  • Gold, 750 points or more

Jose,


Our software develpoment team is working to resolve this issue. At this time we do not have an ETA for a firmware release.


- Marty

JoseOlivas Thu, 02/06/2014 - 12:59
User Badges:

Thank you Marty,


I assume this will come in way of a firmware update?


Jose

mpyhala Thu, 02/06/2014 - 13:13
User Badges:
  • Gold, 750 points or more

Yes, a firmware release should resolve that issue. Keep an eye on the downloads page for your device.


- Marty

Actions

This Discussion