I've seen various configuration & deployment guides that explain the process for configuring guest access using mobility anchors but I'm still confused by one thing...
What is the purpose for creating a separate wired guest VLAN on the local switch and controller and then associating it with the guest WLAN? Why not just use the local controller's management interface instead since the nature of the mobility anchor concept is that a tunnel is built from the local controller to an anchor controller in the DMZ and DHCP is served from the anchor controller?
To me it seems the creation of a wired guest VLAN on the local switch and controller implies that the local guest VLAN is a required part in implementing the guest tunnel. Further, it would seem the wired guest VLAN itself would need to be secured via ACLs or an additional firewall, especially since it would then be routable to/from the private network.
I agree...the documentation Cisco has is (as usual) misleading and bad!
We did not set our network up as the documentation states with a Guest VLAN created on the switch. We implemented exactly as you stated. The internal controller simply builds a tunnel to the DMZ controller. The ip space is in fact in the DMZ and DHCP is served up off of the DMZ controller as well.
Once again cisco drops the ball in documentaion which is frustrating. A document that tells you to click or fill in an option is worthless...yeah, I know I need to fill in the blank...could you be a little more specific?
Thanks for the info... I'll probably end up setting up a few different scenarios in the lab to see what works & what doesn't. For the record, you are VERY right about most of the documentation being ambiguous at best.
Transferring Crash file from standby:
Login to the Active WLC in HA.
(Cisco Controller) >transfer upload datatype crash
(Cisco Controller) >transfer upload filename <Desired filename>
(Cisco Controller) >transfer up...
This is the start of a display filter cross reference between Wireshark and OmniPeek.
The 1st installment is a table of advanced filters. More filters will be added as time allows.
It is a living doc, so check back for changes every so often
Please feel ...
I have created a Powershell script to automatically add a Wireless Guest User on Cisco WLCs. (tested on 2500 Series)
The script should be completely self explanatory.
Powershell SNMP Module (Install-Module -Name SNMP)
SNMP Write Access to...