I'm currently setting up a wirless lan with a Cisco 4402 Wireless Lan Controller and 1 cisco 1242AG Access points first. the access points can be discover. A couple of thing are bugging about it.
Until now, on the controller I've done that:
1. setting the interfaces:
- ap-manager - vlan untagged, IP 172.16.0.100/24, dynamic AP management enabled
- management - vlan untagged, IP 172.16.0.1/24
- service-port - IP 192.168.160.45/24
- virtual - IP 22.214.171.124/24
- vlan2 - vlan 2, IP 172.16.0.5/24
- guest - vlan 4, IP 192.168.1.20/24
2. creating 2 WLANs for internal and guest access with vlan 2 and guest interface respectively.
When using the wireless, i can find the SSID for internal WLAN, but not guest WLAN, there is no problem with internal WLAN, What's the steps to make the guest WLAN works?
How can my notebook connect to the guest WLAN by using the guest SSID?
I want to create one more interface, but i can't create it with vlan untagged, what's the problem?
Any advice will be good I guess, I am kind of stuck here.
When you created the Guest interface did you put a tick in either Quarantine or Guest LAN? As both of these need to be unchecked.
Also when you look at WLANs tab are both WLANS enabled? When you created the WLAN under "Type" did you choose Guest LAN or WLAN?
I have check the Guest Lan only, even if i uncheck it, the SSID seems can't broadcast as client notebook still can't find that SSID.
yes, when i look at WLANs tab are both WLANS are enabled. and i did choose Type as Guest Lan for my guest lan
The way I did it was by creating two identical WLANS, Internal and Guest each going to two seperate interfaces and VLANs. I then created an ACL on the WLC that permited traffic only to the Internet and applied that to the Guest Interface, this works really well for me.
Whenever I tried creating a "Guest LAN" or checking the "Guest LAN" check box on the interface it never worked for me.
Check this out.
identical WLANS means two WLAN with same type (WLAN) and same SSID? if same SSID, then how i diversity that the guest is connecting to the production lan or guest lan? as i want all the guest use our guest line to access internet rather than our production lan.
No, the configuration of the two WLANs are indentical, except they have different names, IP addresses, Interface and VLAN, E.g
SSID - "Internal" vlan 10 - 10.128.56.1 -Interface -Internal
SSID - "Guest" vlan 150 - 10.128.61.1 Interface - Guest
So when you're creating a guest WLAN choose "WLAN" not "Guest LAN"
..following on from above, when you create a Guest interface this is where you apply an ACL to restrict traffic to the Internet.
i'm configuring it with your advice, i'm connecting the cisco 4402 to cisco 6506 switch. from 4402,
the vlan "untagged" connecting to 6506 vlan 1, then should i config vlan 4 == 6506 vlan 5? ridiculous question :P
I can connect to the product lan if i set the interface management to SSID guest, but when i set the interface guest to SSID guest, the connection faileds
my situation is vlan 1 is connecting to the production lan, while vlan 4 is connecting to other broadband service with non-cisco router, is that any problem?
It's a little hard to understand what you're trying to say. On the guest or internal interface have you configured a DHCP server? Have you configured a DHCP scope for the either WLAN? What's is error you get when trying to connect to the guet WLAN with the guest interface?
When you're creating a WLAN you shouldn't use the management interface. You should be using another one of your Dynamic interfaces that you created, i.e. either the "Internal" or "Guest" interface.
If you follow the steps from the website I sent you before, you should be good to go
i can't get IP from DHCP server for guest lan, if i enter IP at the network property, it then works. i have configured a DHCP on the guest interface. should i check DHCP override or DHCP server assignment from the WLAN, guest SSID?
i can't create other interface with the same vlan as management interface now, i want to create one more interface as the same as the vlan of management interface.
i got the error msg "Client Excluded: Client MAC Address:00:13:cf:9c:a7:8e, AP Base Radio MAC :00:1e:0f:88:c1:b0, Slot: 0, Reason:802.11 Association failed repeatedly., ReasonCode: 2 "
This shows that the client is failing authentication and since you have client exclusion enabled, you get this error. You need to fix the authentication and you will not get this error. You can also disable client exclusion.
Post your show run-config so we can verify you configured everything on the wlc correctly.
The DHCP server and client works fine now. but another problem comes up. When i remove the production WLAN profile name and SSID, then i create a new WLAN profile and SSID for the production LAN, but i can't find the SSID from client notebook, it's not the first time. When i remove and recreate another SSID, i can't find the SSID with client. Any idea? Thank you!