Using ACLs to control guests' paths to the internet
Our global network consists of many sites worldwide, where 75% of the sites have their own internet connection.
To streamline the wireless setup in our WLCs, I have considered running the LAPs in H-REAP mode and, on the guest SSID, using access control lists to prevent guest users from accessing internal IPs.
The guests shall still be authenticated by our NAC guest server.
The guest traffic would then flow to the default gateway which is the nearest internet connection.
I know that a guest might be able to craft an Ethernet packet with a spoofed source address and thereby might fool the ACL, but besides that, is there any major security risk I am missing here?
In a perfect world I would isolate the guest traffic, but our network structure makes it hard to streamline that.
The idea was to use 3-4 centralized controllers, each with the same configuration, and the H-REAP LAPs could then connect to the one with the lowest delay time via the "Enable Least Latency Controller Join" under the OfficeExtend AP settings (?).
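Added example, not part of the original post: a guest ACL of the kind described above only protects internal addresses if every internal prefix is denied before a broader permit matches it, so this sketch audits a first-match rule list for that ordering. The RFC 1918 prefixes, the destination-only rule format, the NAC server address and both sample ACLs are assumptions constructed for illustration, not WLC syntax.

```python
import ipaddress

# Assumption: internal space is RFC 1918; substitute the site's real prefixes.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def first_match(acl, dst):
    """Action of the first rule whose destination covers dst (implicit deny)."""
    addr = ipaddress.ip_address(dst)
    for action, net in acl:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"

def audit(acl, exceptions=(), internal=INTERNAL):
    """List (rule number, prefix) pairs where a permit exposes internal space."""
    allowed = [ipaddress.ip_network(n) for n in exceptions]
    undecided, leaks = list(internal), []
    for number, (action, net) in enumerate(acl, start=1):
        rule, still = ipaddress.ip_network(net), []
        for block in undecided:
            if block.subnet_of(rule):        # rule decides the whole block
                hit = block
            elif rule.subnet_of(block):      # rule decides part of the block
                hit = rule
                still.extend(block.address_exclude(rule))
            else:                            # disjoint, block stays undecided
                still.append(block)
                continue
            if action == "permit" and not any(hit.subnet_of(a) for a in allowed):
                leaks.append((number, str(hit)))
        undecided = still
    return leaks

# Constructed sample ACLs (destination-only rules; 10.10.10.5 is a made-up NAC address).
NAC = "10.10.10.5/32"
GOOD = [("permit", NAC), ("deny", "10.0.0.0/8"), ("deny", "172.16.0.0/12"),
        ("deny", "192.168.0.0/16"), ("permit", "0.0.0.0/0")]
BAD = [("deny", "10.0.0.0/8"), ("permit", "0.0.0.0/0"),
       ("deny", "172.16.0.0/12"), ("deny", "192.168.0.0/16")]

if __name__ == "__main__":
    print(audit(GOOD, exceptions=[NAC]))
    print(audit(BAD))
```

In the second sample the permit-any rule sits above two of the deny rules, so those denies never match and the audit reports rule 2 for both prefixes.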