A client has a AP350 - my goal is to have it be open (so that visitors could use their WLAN to connect to their own company sites, email, surf) so what I was hoping to accomplish was something like this.
Setup the AP350 with an external static IP address (not in the NAT / internal network range). Have the client site employees use the VPN client to connect to the internal network via a PIX.
This would leave the visitors no access to the client site but would just keep right on going.
Although I'm confident in my networking skills, I'm new to WLAN. This seems to be a good idea but what are the flaws in this idea, am I missing something?
Practical question: *if* this is a valid idea - DHCP is not an option on AP350 but each user would need an IP address when they initially connect to the AP350... so how would you handle giving out IP addresses to each group of users?
The Aironet products are all layer 2 devices as they do NOT have DHCP (the 1100 is an exception on DHCP but has limitations) or NAT functions.
The VPN set up is good for layer 3 and above network security but means anyone can associate to the AP and if wanted to could reduce the data throughput to netxt to nothing by creating a broadcast storm.
A better option in this case is to configure VLANs on the AP.
Have one VLAN open for guests
The second VLAN can be for all your company users. If you authenticate them via EAP on this VLAN then you can also have the ACS server control VLAN asignment. You can have a DHCP server on the etherent side in each VLAN to keep the guests and company staff on different subnets. You can also use VPN for your company as a added level of security if you wanted but I dont think this is needed.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...