In order to provide the wired guest access, the designated ports in the layer-2 access layer switch need to be configured on the guest VLAN by the administrator. The guest VLAN must be separate from any other VLANs that are configured on this switch. The guest VLAN traffic is trunked to the nearest WLAN local controller. The local controller tunnels the guest traffic across a EoIP tunnel to a DMZ Anchor controller. This solution requires at least two controllers.
Here is the URL for the Wired Guest Access using Cisco WLAN Controllers Configuration
I used our Guest WLAN as the Egress Interface and created a new VLAN interface(199) for the ingress interface. I then assigned vlan 199 (not to be confused with interface vlan 199. You want to keep it layer 2) to a switch on my desk and a switchport on that switch. Plugged my laptop in to that switchport and opened a web browser. I got the cisco login page just like you would on a guest WLAN.
The DHCP server is on the anchor controller and is giving out IP address from a class C x.x.232.x. The subnet's default gateway is an interface on our firewall and that subnet has a specific rule set limiting it to only web access.
That is a very basic overview of what I did. If you need me to get into further detail let me know.
Did you actually get this to work with one controller? I have this setup on one controller and the Wired clietns do not get their DHCP offer forwared through the WLC from the DHCP server. Logging indicates that it is do to the fact that the VLAN does not have and IP address associated to it.
I was toying with the Idea of doing this with my 1510 Mesh AP's (and 1020's) that aren't supported in 5.X.
Basically, I was going to use one Controller on 4.1 code with all of these APs. Then I would dump out all of my "guest wlans" on the a private vlan and trunk that private vlan into another controller (with 5.X). That controller would be configured with that vlan as a guest vlan and then Anchors it to my DMZ Controller....
So in theory, if you want wired guest access, I'm pretty sure you just make the configuration on the internal controller specifying it as a Wired Guest VLAN, and then anchor it to the DMZ.
However, I haven't read up on it recently, so I don't remember exactly the config. But I suppose the previous links posted have the details,
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...