I understand that the suggested method for the guest Wlan is to be in the DMZ on a separate controller. As each location has its own firewall/internet connection I find this solution expensive, an administrative nightmare, and probably overkill. My question is: Is my guest access secure enough with web-auth, separate vlan, and the access control list?
I personally don't like to use the ACL feature on the wlc. Why not create acl's on the L3 interface of vlan 2 to deny guest network to internal network. If you have a different internet connection for guest, you can use one of the available ports for the guest traffic. This is specifed in the interface you create for guest. If you have one internet connection, then create acl's on the l3 switch.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...