moibeats
asked on
WLC - wireless clients can't get dhcp
I am trying to set up a wireless network using WLC 4404 and various access points. We need two wireless networks, one for our corporate users and one for guest. I have the corporate one up and running correctly, however, I am having problems with guest network.
Right now, we have various stand alone access points through out the network. They all have two networks, one for corporate and one for guest. I have set up my wireless networks authentication like the stand alone APs, the corporate users authenticate via RADIUS and guest just by wp2 psk. DHCP is being handed out by our Windows DHCP server. At this time, all is good with the stand alone APs. We are however, in the process of going completely lwap and want to convert all the APs so they are managed via the WLC.
Right now when a guest access the lan, they put in the shared password, then they get a dhpc address from our DHCP server that gives them a private ip address but it sets their dns server to an external public dns server. Once the guest connects and gets the proper DHCP parameters our 6509 router ( which the wlc is connected to) has a policy route map that points the traffic out of our ASA. So when a guest connects they get pushed out from the 6509 to our ASA then the outside world. This makes it so tha that guest users cant access our internal lan.
This works great on our stand alone APs, however, the weirdness starts when I try to use the same route map on the new Guest lan. On the new guest lan I can't seem to get an ip address, if i remove the route map, it works fine, but we need that. In addition, if i connect to the current guest lan and then connect to the new guest lan, it works. I guess the pc is caching the dhcp info. I need to be able to keep the route map and get dhcp to work.
Both the new and current guest lans are configured with the same authenticaton parameters, but only the current guest can get dhcp.
Config on the 6509
interface vlan222
description Guest Wireless VLAN
ip address 10.10.10.1 255.255.255.0
ip helper-address 50.50.10.110 - (dhcp server
ip policy route-map INTERNET_ONLY
rout policy map
route-map INTERNET_ONLY permit 10
match ip address 12 (acl 2 permit ip any)
set ip next-hop 50.10.10.3 (asa)
Any help would be appriciated. Thanks.
Moises
ccnp security
Right now, we have various stand alone access points through out the network. They all have two networks, one for corporate and one for guest. I have set up my wireless networks authentication like the stand alone APs, the corporate users authenticate via RADIUS and guest just by wp2 psk. DHCP is being handed out by our Windows DHCP server. At this time, all is good with the stand alone APs. We are however, in the process of going completely lwap and want to convert all the APs so they are managed via the WLC.
Right now when a guest access the lan, they put in the shared password, then they get a dhpc address from our DHCP server that gives them a private ip address but it sets their dns server to an external public dns server. Once the guest connects and gets the proper DHCP parameters our 6509 router ( which the wlc is connected to) has a policy route map that points the traffic out of our ASA. So when a guest connects they get pushed out from the 6509 to our ASA then the outside world. This makes it so tha that guest users cant access our internal lan.
This works great on our stand alone APs, however, the weirdness starts when I try to use the same route map on the new Guest lan. On the new guest lan I can't seem to get an ip address, if i remove the route map, it works fine, but we need that. In addition, if i connect to the current guest lan and then connect to the new guest lan, it works. I guess the pc is caching the dhcp info. I need to be able to keep the route map and get dhcp to work.
Both the new and current guest lans are configured with the same authenticaton parameters, but only the current guest can get dhcp.
Config on the 6509
interface vlan222
description Guest Wireless VLAN
ip address 10.10.10.1 255.255.255.0
ip helper-address 50.50.10.110 - (dhcp server
ip policy route-map INTERNET_ONLY
rout policy map
route-map INTERNET_ONLY permit 10
match ip address 12 (acl 2 permit ip any)
set ip next-hop 50.10.10.3 (asa)
Any help would be appriciated. Thanks.
Moises
ccnp security
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.