Am running into a slight issue and was hoping someone could shed some light on this.
I am using a Cisco WLC 2504 wireless LAN controller to manage four (4) 1142 WAPs. Everything works well and we have both authenticated users and a guest-wireless network as well.
However, we are implementing a web filtering solution (zScaler) which requires a GRE tunnel from our edge router (C2921) to their network. Everything goes through this tunnel now. Along with that we have an SSO (single sign-on) solution (OKTA) which requires all users to log in using their AD accounts and they must also agree to our terms of Conditions.
So, my question is, how can I allow guest users to bypass this tunnel and not use an AD account to authenticate?
Here is one possible solution:
Place the guest users on a new VLAN and then route them through my ASA 5510 firewall through a new egress IP. This new egress IP I can set up as an exception in the GRE tunnel.
My problem is how do I configure guest users to be on a new VLAN through the WLC?
And then how do I configure the ASA to route this VLAN over the new egress IP?
Thoughts? Ideas? Am happy to provide config files if needed or to diagram further.
One thing I forgot to mention: we are using an outside VoIP provider, and so we do VLAN tagging on all the single drops in each cubicle. Management would not let us separate out data phone lines from the computer drops.
We VLAN tag all data packets as VLAN 101 and then tag all VoIP packets as VLAN 200. Am happy to set up another VLAN 100 as wireless, and then route them out our C3750G switches, but have never had to do this as well.
Am going to burn an extra port on my WLC and plug it directly into my C5510 and use an extra IP as my egress.
Any suggestions on how to configure a new port on the WLC to be in a different subnet and then route guest-wireless over this port and then out a different egress IP on the firewall? Am concerned that the egress IP will overlap the LAN IP address subnet.