A client has an Aironet 1200 AP and currently they have Radius set up to allow Microsoft domain users access to the LAN. They now want to set up public access to the internet for guests as well.
Our initial thought was to set up another SSID and ACL the ports we would allow the guests to use. I can't seem to find any documentation that shows me how to do this... and I'm not very familiar with the 1200 or Cisco for that matter.
Further, it appears that VLAN's might be a requirement in this scenario, and this isn't possible with our current hardware.
I need to allow domain users access to the LAN resources via secure Radius authentication. I need to allow anyone off the street access to the internet and deny access to anything on the LAN. I need to do this with one Aironet 1200.
To configure RADIUS-based VLAN access control. For example, if the WLAN setup is such that all VLANs use IEEE 802.1x and similar authentication mechanisms for WLAN user access, the user can hop from one VLAN to another by changing the SSID and successfully authenticating to the access point. However, this process may not be ideal if the wireless user is to be confined to a particular VLAN.Refer the follwoing URL for more information about vlan on 1200 AP
If you can't configure vlans on a switch and your router doesn't support 802.1q trunking, you can't configure vlans on the access point. The reason being, each ssid will be mapped to a vlan and the access point switch port will have to be trunked.
There is no way you can do this if you are limited to a single subnet. You have to be able to define your acl's on a interface, usually from your guest subnet to you inside network. Since you have a single subnet, guest users will acquire DHCP from the same subnet as your current wireless users. this is what you don't want. you have to get a l3 switch or a router that supports 802.1q trunk.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...