Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Guest Access WLC Help

I have 2 WLc 4402. 1 Remote and 1 DMZ. I have read the deployment guide for guest access 20 times and still cannot get it to work. a couple answers that I don't see in the guide. 1. Do AP's need to be associated with the DMZ WLC? 2. Am I anchoring my management IP or a different Dynamic IP? I have verified with Eping and mping that the tunnels should be able to be created, how do I verify? An issue that concerns me is that I cannot ping (ICMP) my remote WLC mgmt interface from the DMZ WLC. I know I have connectivity because of eping, mping and https mgmt from the same subnet as the DMZ WLC MGMT Interface. should I be concerned about this? It could just be ICMP blocked at the FW.

I am trying no to open a support ticket as I am sure this is a simple issue. One of my problems is that my VLANs cannot be tagged because the DMZ VLAN does not reside on our core switches and hence I cannot do 802.1Q which is discussed on page 4 of the dep. guide. to get around this I configured IF/2 on my Remote WLC to an IP from my DMZ subnet? Is this ok, is it needed?

Summary Internal IF 1.1.1.1 for both WLC

remote WLC

MGMT = 10.160.24.30 IF/1

AP-MGMT = 10.160.24.31

Service = 192.168.0.10

guest = 10.160.80.16 IF/2

DMZ WLC

MGMT = 10.160.80.15

ap-mgmt = 10.160.24.33 (don't need?)

service = 192.168.0.10

internet = public IP to be natd by FW

I am a newbie to the Cisco WIFI world, but not to IT/networking.

Any help would be greatly appreciative

4 REPLIES
New Member

Re: Guest Access WLC Help

I believe you need to enable IP Protocol 1 (for ICMP) in order for ping to work ...

Silver

Re: Guest Access WLC Help

1. Do AP's need to be associated with the DMZ WLC?

a) No

2. Am I anchoring my management IP or a different Dynamic IP?

a) No IP gets anchored. You Anchor the WLAN on one controller to your DMZ. On the DMZ, you anchor that wlan to itself.

3) I have verified with Eping and mping that the tunnels should be able to be created, how do I verify?

a) from CLI: show mobility summary

This will should you if everything is UP, or if control/data path is down. EPING/MPING should verify this as well if they are successful.

I'm not sure what you mean about port 2. Are you placing a link straight out to your DMZ? Normally everything goes out the main interface and "routes" out to your dmz.

New Member

Re: Guest Access WLC Help

I had the same issue about guest DMZ controller , do I need to config same SSID on both of anchor and foreign controller ? I also need to use web-auth for wireless guest , which controller's SSID need to be configured web-auth ? By the way , I found a example on CCO , but only for "wired" ,

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml

anyone can provide me the example for "wireless gest tunneling " will be very appreciated.

New Member

Re: Guest Access WLC Help

yueric,

1.do I need to config same SSID on both of anchor and foreign controller?

-Yes the wlan needs to be configured the exact same way on both the anchor and foreign controllers

2.which controller's SSID need to be configured web-auth?

-Both need to be configured the same way, so if you want to use web-auth you need to configure the anchor and foreign controller wlan to use web-auth.

HTH

278
Views
0
Helpful
4
Replies