Finally got Guest Access to work but need to set up exceptions. Users get DHCP and DNS from the local server and then are allowed http and https access to the internet only. Local http / https is blocked by a rule to all on an internal Class B subnet. Rules look like this:
permit 0.0.0.0 any udp dhcp client in
permit any 0.0.0.0 udp dhcp server out
permit range any udp dns in
permit any range udp dns out
deny range range tcp http in
deny range range tcp http out
deny range range tcp https in
deny range range tcp https out
allow range any tcp http in
allow any range tcp http out
allow range any tcp https in
allow any range tcp https out
Problem: Users may want to get to our websites that resolve differently locally. Global dns might point www.website.com to 100.100.100.100, but internally www.website.com points to 10.10.10.10. This is a Class C subnet.
I created a permit rule for the local sites, but it's not working. I think the order is the problem, but I don't know.
Any help would be really appreciated. Thank you kindly.
We had the same issue. We are using the FWSM. Our servers have an internal IP address and sit in a DMZ of the firewall, as do the wireless users. Along with the internal ACLs, we added a wireless view on our external DNS, which also resides on another DMZ within the FWSM. This view takes just the subnet of those wireless users and points them to a different IP for specific name resolutions. This way I give the wireless users web access only to the internal address of the web server, keeping them internal to the FWSM.
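The rule-order question from the first post, worked through as an added example (not code from either poster): it models the posted http/https rules as a first-match, top-down ACL with an implicit deny and shows where a permit for the local web subnet has to sit. The 10.10.0.0/16 and 10.10.10.0/24 networks and the client address are constructed; only 10.10.10.10 and 100.100.100.100 come from the thread, and first-match evaluation is the stated assumption.

```python
import ipaddress

# Constructed addressing: the thread gives only 10.10.10.10, "Class B" and "Class C".
# Assumption: guest clients sit inside the internal /16 that the deny rules cover.
GUEST = ipaddress.ip_network("10.10.0.0/16")
LOCAL_WEB = ipaddress.ip_network("10.10.10.0/24")  # assumed subnet of the local sites
ANY = ipaddress.ip_network("0.0.0.0/0")

def rule(action, src, dst, port):
    return {"action": action, "src": src, "dst": dst, "port": port}

# Inbound TCP rules from the post, in posted order (DHCP/DNS and "out" mirrors omitted).
BASE = [
    rule("deny", GUEST, GUEST, 80),
    rule("deny", GUEST, GUEST, 443),
    rule("permit", GUEST, ANY, 80),
    rule("permit", GUEST, ANY, 443),
]
EXCEPTIONS = [rule("permit", GUEST, LOCAL_WEB, 80),
              rule("permit", GUEST, LOCAL_WEB, 443)]
APPENDED = BASE + EXCEPTIONS   # exception added at the bottom of the list
FIRST = EXCEPTIONS + BASE      # exception placed above the internal deny

def evaluate(acl, src, dst, port):
    """Return (action, 1-based rule index) of the first match; implicit deny otherwise."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, r in enumerate(acl, 1):
        if s in r["src"] and d in r["dst"] and port == r["port"]:
            return r["action"], i
    return "deny", None

def shadowed(acl):
    """1-based indexes of rules fully covered by an earlier rule, so they never match."""
    out = []
    for i, r in enumerate(acl):
        for e in acl[:i]:
            if (e["port"] == r["port"] and r["src"].subnet_of(e["src"])
                    and r["dst"].subnet_of(e["dst"])):
                out.append(i + 1)
                break
    return out

if __name__ == "__main__":
    for name, acl in (("appended", APPENDED), ("first", FIRST)):
        print(name, evaluate(acl, "10.10.50.7", "10.10.10.10", 443), shadowed(acl))
```

The same `shadowed` check can be run over any proposed ordering before it is applied, to confirm that an exception is reachable and that the rest of the internal range still hits the deny.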