Hi thanks for your answers,

I have o ley one (1) cisco wlc, i can not configure anchor  and foreing controller,

Is possible to do it in my scenary¿

Regards

Take a look at the link that Matthew posted... just setup the ingress and your egress, but you don't have to point it to an anchor.  Just follow the first half of the guide, but of course your egress would not be your management but another interface you want to place guest users:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml#wllan

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

Hi Scott, thanks for your answer:

My scenary is:

Site A Corporate

WLC 5508 Flex Connect Central Auth + Local Switching

1. int management:  vlan 10 - 10.1.1.2/24

2. int virtual: 1.1.1.1

3. wired-guest: vlan 30

wlans:

1. corporate - mapped to interface  management 802.1x wpa, 2pa2

2. guest - mapped to interface management web auth

3. wired-guest: web auth, ingress wired, egress management

Cisco ACS v5.4

Site B: Branch

AP Ligthweight in the vlan 10, vlans mapped 100 and 30, 100 for wlan corporate and 30 for wlan guest.

Switches Cisco,

The branch have a router of internet to users guest.

The switch cisco have a 802.1x configuration, and the method to authenticate users can not have a supplicant 802.1x is web auth.

Actually i can not redirect the traffic from the switch in the branch to cisco wlc 5508 in the corporate site. The users bypass the interception of the cisco wlc and they can goes to internet without the portal of authentication.

Please could you give and advice to resolv it?

Regards for your answers.

Wired guest has to local to the WLC. So only the site in which you have a WLC can you use wired guest.

Hi Scott

Thanks for your answer. So according your advice,  wired guest can not work if the users are in a remote site in the wan,?

All the users have to stay in the same site with the wlc?.  My question is, because i have flex connect central auth and local switching in my deployement,  I would like to use wired guest in the wlc,  but  the users are in the wan.

Thanks.

That will not work as the guest wired subnet has to be local to the WLC.  This means the wired subnet has to be on a dynamic interface you created on the WLC, You can't achieve this if your guest wired subnet is on anther subnet than what you have on the wlc dynamic interface.

Example:

Vlan 999 is only a layer 2 subnet, there is no layer 3 interface.

Vlan 888 is a layer 3 subnet.

Wired Guest (vlan 999) --> Switch --> WLC Ingress Port (Interface Guest vlan 999) --> WLC Egress Port (Interface Guest Traffic Vlan 888)

You want to have wired guest, then you need to look into ISE with your setup.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"