Cisco Support Community

pre-sale question

We are looking into purchasing one 4402 with 8 AIR-LAP1142. I was wondering what would be the best way to segregate guest access from employee access to our network. I was told that if a known laptop (known MAC address) connects to the AP, you can have it so it receives an IP on a specific subnet that you allow into your network. And if you have an unknown MAC address (guest) connecting, you can have it receive an IP on a different subnet which is allowed Internet use only. If this is the case, will I need to send both those subnets (VLANs) down to the controller over trunk ports of an aggregating (say 2960) switch? Is there a better/easier way? Thanks, Vinny


Re: pre-sale question

I think you can create separate SSIDs for internal access and guest access.

1. Internal SSID -> non-broadcast, WPA/WPA2 personal/enterprise, internal VLAN

2. Guest SSID -> Open with Web-authentication, use the WLC lobby account to generate temporary guest accounts (a guest account can be set to expire), all guest clients will use the guest's separate VLAN with security, e.g. an access-list or firewall policy


Re: pre-sale question

Thanks for the reply. As far as connectivity from each AP, do I set up trunk ports to each of them on the switch that connects to the controller?

Re: pre-sale question

Yes, in Local mode access point. We only need a trunk at WLC ports that connect to a switch. This will support multiple VLANs for each SSID.

And usually use LAG mode on the WLC together with an EtherChannel port on the switch side for redundancy.
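
The layout described in the replies above, sketched as a switch-side configuration. This is an added example, not configuration posted by anyone in the thread; the VLAN IDs, interface numbers and the ACL name are assumptions chosen for illustration, and the guest ACL assumes a separate Layer 3 gateway for the guest VLAN.

```cisco
! --- Aggregating switch (e.g. the 2960 from the question) ---
! Assumed VLAN plan: 10 = AP/WLC management, 20 = employees, 30 = guests
vlan 10
 name WLAN-MGMT
vlan 20
 name EMPLOYEE
vlan 30
 name GUEST
!
! Both WLC distribution ports bundled for LAG.
! WLC LAG does not negotiate LACP or PAgP, so the bundle is forced on.
interface range GigabitEthernet0/1 - 2
 description Uplink to WLC (LAG)
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
 channel-group 1 mode on
!
interface Port-channel1
 description WLC LAG
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30
!
! Local-mode APs tunnel client traffic to the WLC, so their switch
! ports stay plain access ports in the management VLAN (no trunk).
interface range FastEthernet0/1 - 8
 description AIR-LAP1142 (local mode)
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! --- Layer 3 gateway for the guest VLAN (router or L3 switch) ---
! Guests may obtain a DHCP lease and reach the Internet, but no
! private (RFC 1918) address space. DNS is assumed to be a public
! resolver; add a permit line above the denies for an internal one.
ip access-list extended GUEST-INTERNET-ONLY
 permit udp any eq bootpc any eq bootps
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
interface Vlan30
 description Guest gateway
 ip access-group GUEST-INTERNET-ONLY in
```

Restricting the trunk's allowed VLAN list to only the WLAN VLANs keeps unrelated VLANs off the controller uplink.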
