We currently have an office building with company employees using the our wireless infrastructure.
We are going to start leasing some of the open space to tenants and we are going to offer wireless connectivity. Does anyone know where I can find documentation on best practices and configuration for this type of setup?
Isolate, isolate, isolate. Use VRF or PBR or, at the very least, terminate the customer vlan(s) on your firewall rather than your core router, and set up good ACLs everywhere. Use a completely different address space for your tenants if possible- i.e. if you're using network 10 put all their stuff in 192.168, or whatever. Rate limit to make sure they don't choke your pipe- and, if you feel like it, so that you don't choke theirs. Figure out how security will be handled and who'll be responsible for maintaining their user directory.
How many SSIDs are you looking at? If it's just two or three, I wouldn't worry about beacon volume at all. If it's more like 20, you have a challenge to work with.
Using RADIUS, you can force users into different VLANs based on RADIUS attributes regardless of which SSID they connected on. So that's an option... but without extensive testing I'm not sure I'd rely on the security of that sort of implementation.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...