I'd like to create a tunnel for guest traffic, but I only have 1 Cisco WLC controller and don't have the budget to get another. All the reference architecture points to having a 2nd controller as a mobility anchor for the EOIP tunnel. Is there a way to have an EOIP tunnel with only 1 controller for guest traffic? If so, could you provide a link to an example or steps to create?
(For corporate secure access, I already have a WLAN pointing to a RADIUS and CA server.)
An EOIP Tunnel for guest traffic is a concept that requires at least two wireless LAN controllers because you are going to anchor the clients of the desired wireless LAN controller on another controller in order to send that traffic off the network. If you do not have two controllers then there is no other option than to configure a guest VLAN and manage that traffic accordingly (maybe through a VPN tunnel) to reach the desired resources for guest clients.
No 2 controllers are necessary for this implementation. The reason is mentioned below.
What is an Ethernet over IP (EoIP) tunnel to the unsecured network area?
A. Cisco recommends the use of a controller dedicated to guest traffic. This controller is known as the guest anchor controller.
The guest anchor controller is usually located in an unsecured network area, often called the demilitarized zone (DMZ). Other internal WLAN controllers from where the traffic originates are located in the enterprise LAN. An EoIP tunnel is established between the internal WLAN controllers and the guest anchor controller in order to ensure path isolation of guest traffic from enterprise data traffic. Path isolation is a critical security management feature for guest access. It ensures that security and quality of service (QoS) policies can be separate, and are differentiated between guest traffic and corporate or internal traffic.
An important feature of the Cisco Unified Wireless Network architecture is the ability to use an EoIP tunnel to statically map one or more provisioned WLANs (that is, SSIDs) to a specific guest anchor controller within the network. All traffic—both to and from a mapped WLAN—traverses a static EoIP tunnel that is established between a remote controller and the guest anchor controller.
Using this technique, all associated guest traffic can be transported transparently across the enterprise network to a guest anchor controller that resides in the unsecured network area.