Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1518
Views
0
Helpful
2
Replies

Cisco WAP 551 Guest issues

JoseOlivas
Level 1
Level 1

‎02-05-2014 02:21 PM

After setting up a wap551 AP I had to set the guest VLAN ID to 1 which is on the same VLAN as my corporate users. If it is not on VLAN 1 hen it gets no internet access. Any help on is would be appreciated. I did see a post about the WAP321 with the fix being to make the VLAN 2 the managed VLAN.  Not a secure fix in my opinion.

In addition, when connecting to the guest ssid they are taken to a cisco authentication page.  My client would like them to bypass any pages as they would only have access if we provide it.   

Jose

Labels:
0 Helpful
2 Replies 2

Eric Moyers
Level 7
Level 7

‎02-06-2014 07:40 AM

I saw your post on the WAP321 thread.

I agree it is not the best solution, It can be used as a workaround. Listed below are the recommendations to security concerns.

1) Problem: If a wireless client knows the IP of the WAP and the username and password they could get into the WAP.

Solution: Setup Management Access Control to an IP outside the DHCP scope for that VLAN and have a Strong Password.

2) Problem: Management of the WAP321 can only be from an IP on the Management VLAN. (In my case 2)

Solution: Setup Management Access Control to an IP outside the DHCP scope for that VLAN and have a Strong Password.

About the authentication page: If Captive Portal (CP) is not enable this should not be happening. Did you use Captive Portal? With CP the minimum that can be enabled is a authentication page where the guest would have to use a name but no password.

But as long as CP is not enable they should be able to get directly out to Internet once the connect to the SSID.

Thanks

Eric Moyers    .:|:.:|:.

Cisco Small Business US STAC Advanced Support Engineer

Wireless Subject Matter Expert

CCNA, CCNA-Wireless

0 Helpful

JoseOlivas
Level 1
Level 1
In response to Eric Moyers

‎02-06-2014 12:49 PM

Thanks for your reply.  I am not sure if the CP is enabled or not, as I reset the system three times fighting with the guest access issues.  I will take a look at the system as soon as I am able, since it is in a remote location it will take me a bit to get access.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents