I am implementing a guest access solution in my workplace. I am unclear on how h-reap and guest access work together.
The implementation includes a 2 x 5500 wlc's at the central office. 1 of these controllers is dedicated to guest access and is configured as a mobility anchor. Web-auth is used for the guest ssid users. Connected to this controller is a cisco adsl router providing internet access for guest users. This router also provides guest users with dhcp
I have configured 2 ssid's, 'corporate' and 'guest'.The 'corporate' ssid is the wlan used everday by employees. The guest access ssid 'guest' is used for guest access.
At the central site all lwapp's operate in local mode. At the remote sites all lwapp's are configured for h-reap mode.
A guest client at the central site connects to the guest ssid and is able authenticate using web-auth and break out onto the internet from the wlc anchor coltroller/cisco adsl router. All good here.
However at the remote site behaviour is not as expected. Assume that the below 2 clients authenticate against the same h-reap configured access point at the remote office.
Client 1, connects to the 'corporate' ssid. This ssid has been configured for h-reap therefore it is expected that client data is switched locally on this h-reap configured access point. This seems to be the case - all good here.
Client 2, a guest, connects to the 'guest' ssid. The 'guest' ssid is not configured for h-reap local switching therefore I would expect all data to tunnel to the controller and break out to the internet via the mobility anchor wlc/adsl router. However this does not appear to happen. The guest has no internet access. If I then place the access point in local mode (uncheck the h-reap option on the ap) and reboot the ap for changes to take effect, the guest 'ssid' allows the user to access the internet via the mobility anchor wlc/adsl router.
Therefore I want to know if it is possible to use different ssid's on the same h-reap configured access point and expect the guest ssid to tunnel to the controller/mobility anchor/internet whilst the 'corporate' ssid switches data locally.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...