I am deploying wireless network at my work. I am using PEAP for my clients with radius server which is working fine now. I want to create another wireless network which is for guests with WPA+WPA2 authentication. I want to know if it’s best to use separate interface on WLC for new Network or should I use dynamic interface. I want guest network to have only internet access. This is what my current setup and I want VLAN200 for Guests wireless.
WLC Management is connected to Cisco 3560 switch with trunk and dot1q configured
Port 2 to 4 are configured as access port for VLAN 100
VLAN 100 is for clients.
I want to know how I create another vlan for guest.
If you require further details please let me know.
I have created new WLAN(Guest Access) and i have created new interface on wlc with port 2. I also allowed new vlan on switch port i can see the new wireless network but its not getting IP address. I already created internal DHCP scope for this but still no luck.
One thing which could be causing it when i create new WLan in the properties 'Interface/interface group' only management is coming. I think the second interface should appear in here.
What you have to do in order to configure a second SSID on your wireless network using a wireless LAN controller is create a dynamic interface on your controller and link it to the VLAN that you want. You just have to make sure that you link the interface to the same physical port on your controller because you should not use the WLC to switch packets between ports, so you should only have one connection between the WLC and the network.
Then you have to make sure that the VLAN exist on the switchport where the WLC is connected because here is where the traffic is going to be placed with the VLAN ID (tag) that you configure on the interface.
Once the interface is properly configured, you will be able to configure your new WLAN and select the interface that you want and that’s it.
Here is a link that explains all of this with more details and let you know how to configure this on your controller:
Regarding the IP assignment, you have to make sure that the DHCP server is properly configured on the interface configuration and that the WLC is able to reach that server (you can test this by pinging the DHCP server from the controller itself) this is because by default the WLC is a DHCP rely agent and it will be the one asking for an IP address to the DHCP server. If you don’t want this behavior, or if you have devices that will not allow this behavior like a Cisco ASA then you have to just uncheck the “DHCP Proxy” option that you can find on the Controller tab > Advanced > DHCP.
Note: You cannot uncheck this option if you are using your WLC’s internal DHCP server.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...