cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5010
Views
30
Helpful
37
Replies

Guest Wireless Not working

Hi

I have two controllers running code 6.0.182 and one guest controller with same version.

I can see the tunnel UP(Both control and data path) in both controller.

Guest users are authenticated by web authentication.Suddenly guest users become too slow to access internet.Web authentication is successfull.But its too slow to access internet.Did anyone face the same issue.Pls reply me at the earliest.

Regards

Danish Ahammed

37 Replies 37

Nicolas Darchis
Cisco Employee
Cisco Employee

Hi,

if the web authentication was successful, then the clients are in "RUN" state and treated like any other clients. If there is a delay, it might be happening between your 2 WLCs. I would analyze with sniffer traces to see really what is slowing down the traffic

Regards,

Nicolas

I need your advice , i have the same issue ,I can see GUEST connection status on IPad, but i can not brows/ access a web page .

Any Help pls?

Here is my Config;

no dot11 igmp snooping-helper

dot11 syslog

!

dot11 ssid OFFICE

   vlan 1

   authentication open eap eap_methods

   authentication network-eap eap_methods

   authentication key-management wpa

   accounting acct_methods

!

dot11 ssid GUEST

   vlan 40

   authentication open

   authentication key-management wpa

   guest-mode

   wpa-psk ascii 7 XXXXXXXXXXXXXXXXXXX

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 1 mode ciphers tkip

!

encryption mode ciphers tkip

!

encryption vlan 40 mode ciphers tkip

!

broadcast-key vlan 1 change 3600 membership-termination capability-change

!

broadcast-key change 3600

!

broadcast-key vlan 40 change 3600

!

!

ssid OFFICE

!

antenna gain 0

speed  basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0

station-role root

rts threshold 2312

no cdp enable

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.40

description GUEST

encapsulation dot1Q 40

no ip route-cache

bridge-group 40

bridge-group 40 subscriber-loop-control

bridge-group 40 block-unknown-source

no bridge-group 40 source-learning

no bridge-group 40 unicast-flooding

bridge-group 40 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

hold-queue 160 in

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.40

description GUEST

encapsulation dot1Q 40

no ip route-cache

bridge-group 40

no bridge-group 40 source-learning

bridge-group 40 spanning-disabled

!

interface BVI1

description GUEST

ip address 10.10.X.X 255.255.255.0

no ip route-cache

!

ip default-gateway 10.10.X.X

no ip http server

ip http authentication aaa

ip http secure-server

I cannot see the guest ssid inside dot11radio 0

Try to add it.

Regards

Danish

Thanks

With enabled GUEST ssid , it is still the same issue.

Adewalexdavid => Well It's not the same issue as you seem to be under IOS while the original question was for controller environment :-)

The only thing wrong with your configuration is that you're not enabling the GUEST ssid on your AP at all. Under the "dot11radio0" interface you only have the command "ssid OFFICE" and no "ssid GUEST", so for sure your AP is not serving the GUEST ssid.

If your ipad shows "guest", maybe the ipad is configured to create the GUEST ssid as ad-hoc connection ?

can laptops connect to the guest ssid ? Is anyone receiving an ip address ?

thanks for your reply

It was a issue with the policy setting on firewall.Now its working.

Regards

Danish Ahammad

Thanks,SSID was added , but i can not login with password.Regards,

Not sure what I can reply to this :-)

any message on AP console ?

what does a "show dot11 assoc all" says ?

Thanks,

But i am still having the same problem ,after enabling the GUEST SSID , My IPAD  cannot obtian IP address.

Could it be on RADIUS server ?

No radius involved since your guest SSID is using a wpa pre-shared key.

Can you try with something else than an ipad ?

do you see your client when doing a "show dot11 assoc" on the AP ?

Do you have a dhcp pool configured on the switch for vlan 40 ?

Nicolas.

Thanks Nicolas,

I have no Int Vlan 40 on the switch. I will configure that and get back to you ASAP.

Would i need to change the IP on BVI1 and also what about Default Gateway on Access Point, and on Switch?

My config on Switch

interface VLAN1

ip address 10.10.10.22 255.255.255.0

no ip directed-broadcast

no ip route-cache

!

ip default-gateway 10.10.10.1

My config on Access Point

interface BVI1

description GUEST

ip address 10.10.10.9 255.255.255.0

no ip route-cache

!

ip default-gateway 10.10.10.1

Regards

Dak

You need an interface vlan40 on a switch that will act as gateway for the clients.

The BVI1 is just to telnet the AP and manage it, so it's fine as it is. The only "strange" part is that your management of the AP is in the guest vlan. So once you have everything working, you might think about having the bridge group 1 and BVI1 on AP that are not for guest access. But no showstopper there.

Thanks Nicolas,

so I need to configure this on SWITCH

interface Vlan40

description guest

ip address 10.10.10.X 255.255.255.0

ip access-group GUEST_ACC in

ip helper-address 10.X.X.X

ip helper-address 10.X.X.X

no ip redirects

Will i need to configure default gateway for Vlan 40, with the above config is on my switch and without changing anything on AP ,everything should be fine?

Dak

Wow, lots of confusion.

With the current config you showed, you are putting the vlan 40 interface in the same subnet as your vlan 1. This is not good.

There is only 1 default gateway per device. So AP has its default gateway in vlan 1, fine. And your switch already had a defautl gateway, so fine as well.

Simply what is needed is : AP configured with 2 vlans (1 and 40), simply bridging them. One switch somewhere having a vlan interface for both vlan 1 and 40 and a dhcp pool for each subnet.

Regards,

Nicolas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: