I am trying to figure out a way to do a Guest Network without using an ACL tied to the SSID. (Customer's request) It's a layer 3 network, and they suggested creating a DMZ zone off their ASA and connecting the WLC there; that way it's outside their network and can go straight to the internet.
I have never done this before ... so does anyone know if this would work? Any config guides or explanations would be great.
So the WLC itself doesn't have to reside outside the Core SW ... it can still be connected to the Core SW via a trunk config to allow only the wlan vlans and just have the guest interface be configured to use the ASA dmz interface as the DF Gateway ... is this correct?
We run port 1 of the guest anchor on the trusted network, and port 2 is connected to a "DMZ" type zone. Foreign anchor traffic terminates on port 1, and guest internet traffic flows out port 2. Not sure if this is officially supported by Cisco, but it works.
Oftentimes, when you hear about a controller in the DMZ, it is part of a pair of internal/external controllers. The internal controller sits within your network and a guest WLAN tunnels to the external (DMZ) controller (which doesn't actually have any APs on it).
If you have only one controller, then doing either the trunked VLAN, or port 2 straight to the DMZ will work.
I often see the guest in VLAN 10 (for example), and instead of VLAN 10 having a routed interface on the network, it is only layer 2 with a port in access VLAN 10 that connects to the DMZ of the firewall.
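One way to check the design described in the replies above, as an added example that is not from any poster in this thread: a small audit over IOS-style switch configuration text that confirms the guest VLAN has no routed interface (SVI) on the core, that trunks carry an explicit allowed-VLAN list, and that an access port in the guest VLAN exists toward the firewall DMZ. VLAN 10 is the thread's own example; the interface names, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of a core-switch configuration (not from the thread).
SAMPLE_CONFIG = """\
vlan 10
 name GUEST
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
interface GigabitEthernet1/0/1
 description WLC trunk
 switchport mode trunk
 switchport trunk allowed vlan 10,20
!
interface GigabitEthernet1/0/2
 description ASA DMZ
 switchport mode access
 switchport access vlan 10
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a new top-level command ends the stanza
    return interfaces

def audit_guest_vlan(config, vlan):
    """List findings that break the layer-2-only guest VLAN design."""
    findings = []
    interfaces = parse_interfaces(config)
    svi = next((n for n in interfaces if n.lower() == f"vlan{vlan}"), None)
    if svi and any(c.startswith("ip address") for c in interfaces[svi]):
        findings.append(f"{svi} has an IP address: guest VLAN is routed internally")
    for name, cmds in interfaces.items():
        if "switchport mode trunk" in cmds and not any(
            c.startswith("switchport trunk allowed vlan") for c in cmds
        ):
            findings.append(f"{name} trunk has no allowed-VLAN list")
    if not any(f"switchport access vlan {vlan}" in cmds for cmds in interfaces.values()):
        findings.append(f"no access port in VLAN {vlan} toward the firewall DMZ")
    return findings
```

An empty list from `audit_guest_vlan(SAMPLE_CONFIG, 10)` means the guest VLAN's only layer 3 exit is whatever sits behind the access port, which in this design is the firewall's DMZ interface.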