Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Guest network on WLC 2500 series

Hi,

I have our WLC 2500 series with 4 AP up and running, but have trouble finding information on how to setup a guest ssid.

can I run both an employee network and quest network  from the same WLC and AP's so that AP's brodcast both emplyee and guest SSID (network),

if yes how to i set it up so that guest network are on another subnet, so that they cant see or access the domains and sharefolders?

or is it possible to setup the that to that "employ" SSID network routes the trafic to port 1 on wlc that are conencted to domain and guest network routes the traffic to port 2 on the WLC where it runs around the domain and other server?

hope that you understood what i tried to write,

  • Getting Started with Wireless
2 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Purple

Guest network on WLC 2500 series

Here is the guide for :

Guest WLAN and Internal WLAN using WLCs Configuration Example

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml

Reagrds

Dont forget to rate helpful posts

Hall of Fame Super Silver

Re: Guest network on WLC 2500 series

Your not routing with the WLC your bridging the traffic.  When you create a dynamic interface for your internal, you can specify port 1 as the primary and for the guest dynamic interface you specify port 2 as the primary.  This is how the WLC will now how to put the traffic onto your network.  SO once the WLC puts the traffic on you network, its up to you to route it properly.

Here is an example in the guide of choosing the ports.  Only works with LAG disabled.

2-9-2014 4-50-01 PM.jpg

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
17 REPLIES
VIP Purple

Guest network on WLC 2500 series

HI Emrullah,

Yes you can do it.

You can either use one port on the 2504 for both SSID/vlan or specify which port is for corporate and which one is for guest.

Here is deplyment Guide for 2504 WLC:

http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml#scenarios

Reagrds

Dont forget to rate helpful posts

New Member

Re: Guest network on WLC 2500 series

HI Sandeepchoudhary21,

just wanted to see if i understood the examples correct.

both the guest and internal wlan uses the same AP's and same DHCP server but the only difference is that guest traffic have its own dhcp scoop on the same server?

do you think that its possbile to route it to another DHCP server? or another network..

VIP Purple

Guest network on WLC 2500 series

HI,

I am using Internal network and guest network from same AP from one port.

Corporate connection goes to internal network and guest goes via firewall to outside internet.

I have external DHCP server for Internal employees and DHCP server (Internal WLC) for guest on seperate newtork e.g: 172.28.xx.xx.

Basic topology looks like.

Guest client --------AP--------WLC-------Core Switch-------Firewall-----Router

                            !                                                     !

                            !                                                     !

                            !                                                     !

                       Employee                                          DSL Line only for GUEST

Check this link:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Smart_Business_Architecture/February2012/SBA_Ent_BN_BYOD-GuestWirelessAccessDeploymentGuide-February2012.pdf

Reagrds

VIP Purple

Guest network on WLC 2500 series

Here is the guide for :

Guest WLAN and Internal WLAN using WLCs Configuration Example

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml

Reagrds

Dont forget to rate helpful posts

Hall of Fame Super Silver

Re: Guest network on WLC 2500 series

Just to add...

You have two options. If you have a DMZ, the best way might be to not use LAG (depending in code) and use a dedicated port on the WLC strictly for the guest and connect that to your DMZ switch. You need to create a new dynamic interface and assign the WLC port to that. Then you would assign this interface to the guest WLAN SSID. So for example, port 1 on the 2504 is for your internal traffic and port 2 is for guest. You can even have a backup port if you want. For example, port 1 is for internal and port 2 is backup for internal. Port 3 is for guest and port 4 is for backup for guest.

If you create a new guest SSID and have LAG enabled (only available on v7.5 or newer) or just want to trunk all the vlan's defined, then you would need to trunk that interface with the rest of your other configured interfaces and then need to creat ACL's in your layer 3 to block guest traffic from access to your internal traffic.

Sent from Cisco Technical Support iPhone App

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
New Member

Re: Guest network on WLC 2500 series

Hello again Scott,

we have a sonicwall installed where port1 is for internal network (192.168.1.x) and then port2 that's for guest (192.168.80.x) networks and everything else.

could you please tell me or show me how it's done (with some guide or examples.)

Hall of Fame Super Silver

Re: Guest network on WLC 2500 series

Here is a good example of using a primary port and backup port:

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1278794

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
Hall of Fame Super Silver

Re: Guest network on WLC 2500 series

Here is a better look at it with a 2504:

http://www.cisco.com/en/US/products/ps11630/products_tech_note09186a0080b8450c.shtml#scenario2

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
New Member

Re: Guest network on WLC 2500 series

Hi Scott,

I have now read both of the links that you have posted, but cant seem to figure it out on how to route internal to one port and guest to another port. because as i understood it, it then only routes the same ssid between port 1 and 2.

have i missed something ?

1866
Views
0
Helpful
17
Replies
This widget could not be displayed.