I have 2 1130AG access points. In the end i want two SSID's, one for guest users and one for employees. The guest SSID should only allow http traffic. 1 AP has already been set up with one SSID that accomplishes the employee role. It uses 802.11x auth using a radius server. How do I set up this scenario for my office coverage? Do i create multiple SSID's on 1 AP (one for guest one for employees) and then duplicate it on the other AP? How do i restrict the guest SSID to only allow http traffic?
The most secure method would be to create two vlans, one for your employee traffic, one for your guest traffic. Place an ACL on the vlan interface for your guest traffic limiting the traffic to HTTP traffic (And also considering limiting the hosts they can actually touch. You don't want a guest finding an unpatched http server in your network and using that as an attack vector for the rest of your network). Then set up a trunk port, hang your aps off that. Set your employee SSID and vlan up as the native vlan. Set the guest ssid up to use the guest/restricted vlan.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...