Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
747
Views
0
Helpful
3
Replies

Configure guest wifi

DAVID
Level 3
Level 3

‎05-17-2017 06:32 PM - edited ‎07-05-2021 07:02 AM

We want to be able to leverage our existing wireless infrastructure to provide shoppers guest internet access.  Our locations use Cisco 3700i access points that are managed by a pair of 5520 controllers in our data center.  We'd like for the guest user to be able to access the guest ssid from the store's access point but rather than backhaul that traffic back through our DC we would rather guest internet traffic traverse out the internet circuit at the remote location rather than coming back over the MPLS circuit. We do not want to add additional access points at the remote locations. But we'd also like for the controllers to provide DHCP services for the guest users. While I am sure that this is doable is there a more preferred solution?  My only caveat is that I need to use our current access points and controllers

Labels:
0 Helpful
3 Replies 3

ammahend
VIP
VIP

‎05-17-2017 07:06 PM

Given the situation, I think the way you are thinking should be good.

You will have to convert your AP to flexconnect mode.

The new WLAN for guest will be configured for local switching (flexconnect)

The AP port has to be trunked with native vlan as AP vlan and allowed vlan as guest vlan.

The guest vlan has to be defined on local switch

Guest SVI will have to have helper address set for controller IP for DHCP.

Native vlan has to be configured on AP native vlan mapping.

Guest WLAN and vlan will have to be mapped on AP.

define appropriate ACL blocking RFP 1918 and allow everything else.

your other existing SSID will continue to be centrally switches.

It should be very easy to test with one AP and do a POC before you roll out.

If you are open to adding another controller or Cisco ISE, there are many other cool solutions.

*rate helpful posts*

-hope this helps-
0 Helpful

DAVID
Level 3
Level 3
In response to ammahend

‎05-17-2017 07:41 PM

I do have ISE 2.0 and other WLC's I'm not using but I was unsure about having an AP and two different controllers.  My conditions were to be able to use my existing wireless infrastructure but to send guest internet traffic out the local connection.  I'm trying to POC Cisco CMX connect. What our remote sites consist are a Cisco 891 ISR router with 2960c POE switch with 1 to 3 3700i AP's in Flex mode depending on size of store.  All traffic from stores is back hauled via MPLS to DC where WLC, ISE, ASA, etc reside.  Guest vlan would be configured on 891. This is a POC for 500+ locations

HTH

0 Helpful

ammahend
VIP
VIP
In response to DAVID

‎05-17-2017 08:56 PM

sent you an email at Djames@rackroom.com. reply back if you like else we can continue discussing here.

-hope this helps-
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card