Cisco Support Community
New Member

Guest WLAN issues

I have an install with a 5508 Controller running 7.0.98.0 code.  I am in the process of converting from Auto to LWAPP.

The way they are currently set up for Guest access is they have an unrouted VLAN set up with a m0n0wall that the guests are redirected to.  The m0n0wall currently handles the DHCP and redirects to the captive portal to agree to Terms and Conditions before allowing access.

We've got one AP set up, which is an 1131, and we have all of their WLANs working with the exception of this one for Guest.  We can associate and I have the DHCP server set as the m0n0wall but we never get an IP. I have also used the local DHCP on the controller and while we can get an IP we can go no further.

It almost seems as if the LAG is not passing this VLAN for some reason.

The LAG is very simple setup with two ports that is something like this:

Int PO100
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 505
 switchport mode trunk

Each port in the LAG is like this:

Int GI5/37
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 505
 switchport mode trunk
 channel-group 100 active

The reason I think it is the LAG is because I cannot even ping the m0n0wall from the controller.  I have done a setup before very similar to this only using a different gateway with no problems.

Anyone ever run into something like this that might could give me some pointers?

Thanks in Advance

Mike

2 REPLIES
Cisco Employee

Re: Guest WLAN issues

Hi Mike:

Some input on how your controller's Management interface and whatever dynamic interface this "unrouted VLAN" maps up to would be very helpful.

(nms-4402) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 00:21:55:07:76:e7
IP Address....................................... 14.32.60.10
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 14.32.60.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged 
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.18.123.233
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No

(nms-4402) >

In this example, the Management interface is untagged and would match up with the VLAN 505 from your example.

If your unrouted VLAN is in a different VLAN than 505, the controller has to have a presence in that VLAN--that's what the dynamic interface is for.

(nms-4402) >show interface detailed vlan51  

Interface Name................................... vlan51
MAC Address...................................... 00:21:55:07:76:e7
IP Address....................................... 14.32.51.110  <-- same subnet as guests/unrouted VLAN
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 14.32.51.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 51       
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (29)
Primary Physical Port............................ LAG (29)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 172.18.123.233 <-- m0n0wall's IP address
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No

(nms-4402) >

The m0n0wall would be the DHCP server for that dynamic interface.  You can then build a WLAN to bind to this dynamic interface and should be good to go.

Sincerely,

Rollin Kibbe

Network Management Systems Team

New Member

Re: Guest WLAN issues

Rollin,

Here is what I have:

(Cisco Controller) >show interface detailed management

Interface Name................................... management
MAC Address...................................... 00:24:97:ce:b0:c0
IP Address....................................... 172.17.0.210
IP Netmask....................................... 255.255.240.0
IP Gateway....................................... 172.17.0.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. untagged
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (13)
Primary Physical Port............................ LAG (13)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 1.1.1.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... Yes
Guest Interface.................................. No

(Cisco Controller) >show interface detailed vlan201

Interface Name................................... vlan201
MAC Address...................................... 00:24:97:ce:b0:cf
IP Address....................................... 192.168.11.2
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.11.1
External NAT IP State............................ Disabled
External NAT IP Address.......................... 0.0.0.0
VLAN............................................. 201
Quarantine-vlan.................................. 0
Active Physical Port............................. LAG (13)
Primary Physical Port............................ LAG (13)
Backup Physical Port............................. Unconfigured
Primary DHCP Server.............................. 192.168.11.1
Secondary DHCP Server............................ Unconfigured
DHCP Option 82................................... Disabled
ACL.............................................. Unconfigured
AP Manager....................................... No
Guest Interface.................................. No

(Cisco Controller) >show wlan 1


WLAN Identifier.................................. 1
Profile Name..................................... GUESTNETWORK
Network Name (SSID).............................. GUESTNETWORK
Status........................................... Disabled
MAC Filtering.................................... Disabled
Broadcast SSID................................... Enabled
AAA Policy Override.............................. Disabled
Network Admission Control
  NAC-State...................................... Disabled
  Quarantine VLAN................................ 0
Number of Active Clients......................... 0
Exclusionlist Timeout............................ 60 seconds
Session Timeout.................................. 1800 seconds
CHD per WLAN..................................... Enabled
Webauth DHCP exclusion........................... Disabled
Interface........................................ vlan201
WLAN ACL......................................... unconfigured
DHCP Server...................................... Default
DHCP Address Assignment Required................. Disabled

--More-- or (q)uit
Quality of Service............................... Silver (best effort)
Scan Defer Priority.............................. 5,6
Scan Defer Time.................................. 100 milliseconds
WMM.............................................. Allowed
Media Stream Multicast-direct.................... Disabled
CCX - AironetIe Support.......................... Enabled
CCX - Gratuitous ProbeResponse (GPR)............. Disabled
CCX - Diagnostics Channel Capability............. Disabled
Dot11-Phone Mode (7920).......................... Disabled
Wired Protocol................................... None
IPv6 Support..................................... Disabled
Passive Client Feature........................... Disabled
Peer-to-Peer Blocking Action..................... Disabled
Radio Policy..................................... All
DTIM period for 802.11a radio.................... 1
DTIM period for 802.11b radio.................... 1
Radius Servers
   Authentication................................ Global Servers
   Accounting.................................... Global Servers
   Dynamic Interface............................. Disabled
Local EAP Authentication......................... Disabled
Security


--More-- or (q)uit
   802.11 Authentication:........................ Open System
   Static WEP Keys............................... Disabled
   802.1X........................................ Disabled
   Wi-Fi Protected Access (WPA/WPA2)............. Disabled
   CKIP ......................................... Disabled
   Web Based Authentication...................... Disabled
   Web-Passthrough............................... Disabled
   Conditional Web Redirect...................... Disabled
   Splash-Page Web Redirect...................... Disabled
   Auto Anchor................................... Disabled
   H-REAP Local Switching........................ Disabled
   H-REAP Learn IP Address....................... Enabled
   Client MFP.................................... Optional but inactive (WPA2 not configured)
   Tkip MIC Countermeasure Hold-down Timer....... 60
Call Snooping.................................... Disabled
Roamed Call Re-Anchor Policy..................... Disabled
Band Select...................................... Disabled
Load Balancing................................... Disabled

Mobility Anchor List
WLAN ID     IP Address            Status
-------     ---------------       ------

It should be pretty much a no-brainer.  In my testing environment the LAG for the 5508s goes to a 6513 and the m0n0wall is on that same 6513 and the switch that the AP is on is connected directly to a 3560 that is connected to the 6513.  I have gotten the same type setup working before but using Nomadix as the Gateway product with no issues so I am not quite sure what is going on here.

Thanks

Mike
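
An added example, not part of any post in this thread and not Cisco tooling: a small Python parser for the `show interface detailed` output format shown above. It reports which interfaces ride the trunk's native VLAN and which must be carried tagged on the LAG, and whether the configured DHCP server sits inside the interface's own subnet. The function names are hypothetical, the sample is trimmed from the output posted above, and the on-link check assumes an off-subnet server can only be reached through the interface's gateway.

```python
import ipaddress
import re

# Two interface blocks trimmed from the controller output posted in this thread.
SAMPLE = """\
Interface Name................................... management
IP Address....................................... 172.17.0.210
IP Netmask....................................... 255.255.240.0
IP Gateway....................................... 172.17.0.1
VLAN............................................. untagged
Primary DHCP Server.............................. 1.1.1.1

Interface Name................................... vlan201
IP Address....................................... 192.168.11.2
IP Netmask....................................... 255.255.255.0
IP Gateway....................................... 192.168.11.1
VLAN............................................. 201
Primary DHCP Server.............................. 192.168.11.1
"""

FIELD = re.compile(r"^\s*(.+?)\s*\.{3,}\s*(.*?)\s*$")  # "Key.......... value"

def parse_interfaces(text):
    """Split dotted-leader output into one dict per 'Interface Name' block."""
    blocks = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # prompts, blank lines, pager residue
        key, value = m.group(1), m.group(2).split("<--")[0].strip()  # drop "<--" notes
        if key == "Interface Name":
            blocks.append({})
        if blocks:
            blocks[-1][key] = value
    return blocks

def summarize(iface):
    """Return (name, tag, dhcp_on_link); tag None means the trunk's native VLAN."""
    net = ipaddress.ip_network(f"{iface['IP Address']}/{iface['IP Netmask']}", strict=False)
    tag = None if iface["VLAN"] == "untagged" else int(iface["VLAN"])
    try:
        on_link = ipaddress.ip_address(iface.get("Primary DHCP Server", "")) in net
    except ValueError:  # "Unconfigured" or field missing
        on_link = None
    return iface["Interface Name"], tag, on_link

def tagged_vlans(text):
    """VLAN IDs the switch side of the LAG must carry tagged for these interfaces."""
    return sorted(t for _, t, _ in map(summarize, parse_interfaces(text)) if t is not None)
```

For the sample, `tagged_vlans(SAMPLE)` returns the single tagged VLAN the port-channel has to pass, and `summarize` shows the management interface's DHCP server is off-subnet while the guest interface's is on-link.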
