I have a 4402 WLC configured with a guest WLAN using the internal DHCP on the controller and web authentication. The client is finally getting an IP and the web authentication page, and can log in, but cannot get to the internet. The WLC connects to a 3750E switch, and we have an ASA 5510 appliance. I have configured a VLAN for the guest clients, but still cannot see the ASA. It looks like the WLC cannot send to the ASA, but the internal wireless users are working fine.
Not knowing your overall design, I will mention some of the obvious items:
Are you using a guest anchor controller? If so, are your guest SSIDs on both the anchor and main controllers identical?
Do you have an ACL on the guest VLAN? If so, remove it and see if you can gain access with it off.
Can you extend the guest VLAN to a wired port and see if a PC on the wired port can get out?
Thank you for the response. I do not have an anchor set up, since we only have the 4402 WLC. I am not using ACLs at the moment - I am fairly new to wireless networking, and have not tried any yet. I have not tried extending the VLAN, but I will as soon as I can.
Here is our network configuration:
Our 4402 is running s/w 220.127.116.11M (Mesh). We have 5 1010 AP's (hence the old version), 2 1522 (mesh), and an 1131AG. The rest of the network is mostly 3650 and 3750 PoE switches, and the ASA 5510.
How do you have your WLC set up? Maybe you should... if not already... have port 1 set up for your inside and port 2 connected to your DMZ switch. On the WLC interface, make sure you have the correct interface pointed to the correct network and don't configure a backup port. So when you have a WLAN SSID mapped to the guest interface, it will be going out of port 2, and SSIDs that are mapped to your other interfaces will go out of port 1. Hope this makes sense.
Thank you for the response. It sounds like a great idea, but, I need to get another SFP for the port. I will find out if we have one, or how much one is to buy. I have looked at every setting on the current port, and don't see a reason that the guest network can't connect. I did notice that the switches are all running as Layer 2 yesterday, and lost all connectivity when I tried switching the port to 3.
Try this first.... your VLAN you created for your guest interface on the WLC, configure a switchport to that VLAN. Connect your laptop to that port and assign an IP address/DNS (that you reserved for DHCP) to your Ethernet card. Are you able to get out to the internet? Are you able to ping the default gateway, your FW interface?
I tried both, and no luck. I am not able to get an IP address from any DHCP server either (I connected the NIC up before entering the IP address).
I did not do the original set up on any of the equipment here, and the person that did could not get the guest access to work either. I have made more progress than he did, but, not enough to get out.
No problem... just reply back to this thread when you get the routing fixed and if you still can't get the guest wireless up. Have a good weekend!