Guest Tunneling

Has anyone found a good link on configuring guest tunneling using the new Cisco lightweight wireless architecture? I believe the basic concept is to transparently tunnel guest traffic directly from the private wireless network to a wireless LAN controller in a DMZ without having to implement the standard set of access controls in the private LAN network layer to restrict access. The documentation I've seen on CCO mentions the concept in passing but I've yet to find any real configuration tips.

Thanks in advance!


Re: Guest Tunneling

This document assumes that PPTP connections to the router with local Microsoft-Challenge Handshake Authentication Protocol (MS-CHAP) V1 authentication (and optionally MPPE, which requires MS-CHAP V1) have been created with the use of these documents and are already operational. RADIUS is required for MPPE encryption support. TACACS+ works for authentication, but not MPPE keying. MS-CHAP V2 support was added to Cisco IOS Software Release 12.2(2)XB5 and was integrated into Cisco IOS Software Release 12.2(13)T (refer to MSCHAP Version 2); however, MPPE is not supported with MS-CHAP V2 as of yet.

Re: Guest Tunneling

Create the "guest" WLAN on both controllers. Get the routing and authentication working for the "guest" WLAN on the DMZ controller. Create a mobility group and join both the DMZ and Trusted controllers to it. Configure your guest WLAN on the trusted controller as a mobility anchor to the DMZ controller. That should do it more or less.
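The steps in the reply above, written out as AireOS controller CLI. This is an added example, not part of the original posts and not taken from Cisco's documentation; lines beginning with `!` are annotations and are not typed. Assumptions: WLAN id 2, the names `guest`, `guest-mg` and `guest-dmz`, and every IP and MAC address are constructed placeholders, and the `guest-dmz` dynamic interface already exists on the DMZ controller.

```text
! ===== Trusted (inside) controller: mgmt 192.0.2.10, MAC 00:00:5e:00:53:0a =====
config wlan create 2 guest guest
config wlan disable 2
! Same mobility group name on both controllers, then add the peer.
config mobility group domain guest-mg
config mobility group member add 00:00:5e:00:53:0b 192.0.2.20
! Anchor the guest WLAN to the DMZ controller. Guest frames are tunneled
! there, so no guest VLAN or ACLs are needed on the inside network.
config wlan mobility anchor add 2 192.0.2.20
config wlan enable 2

! ===== DMZ (anchor) controller: mgmt 192.0.2.20, MAC 00:00:5e:00:53:0b =====
config wlan create 2 guest guest
config wlan disable 2
! Guest traffic leaves the tunnel on this interface, so routing, DHCP and
! authentication for guests are handled on the DMZ side.
config wlan interface 2 guest-dmz
config mobility group domain guest-mg
config mobility group member add 00:00:5e:00:53:0a 192.0.2.10
! The anchor controller anchors the WLAN to its own management address.
config wlan mobility anchor add 2 192.0.2.20
config wlan enable 2

! ===== Checks, on either controller =====
! Both the control path and the data path to the peer should show as up.
show mobility summary
show mobility anchor wlan 2

! ===== Firewall between the inside network and the DMZ =====
! Permit only controller-to-controller traffic, 192.0.2.10 <-> 192.0.2.20:
!   UDP 16666      mobility control
!   IP protocol 97 EoIP data tunnel (legacy mobility)
! No rule is needed for guest client subnets, because guest traffic
! crosses the firewall only inside the tunnel.
```

The WLAN's SSID and security settings have to match on both controllers or the anchor will not accept the client; the tunnel only comes up once both members list each other.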

