Solved

Cisco WCL5500 Web authentication for guest network

Posted on 2012-04-11
7
456 Views
Last Modified: 2012-05-01
i have configure wireless access with web authentication for guest network.
i'm able to grap IP and autheticate at web but cannot go internet..

previously the setup in the network is in layer 3 vlan, now we remove all vlan. and we need to reconfigure the wireless ssid.

does the traffic have to go through core switch with vlan routing..? or the guest traffic can just natted to manegement interface to internet..?


tks
0
Comment
Question by:hell_angel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 12

Assisted Solution

by:ryan80
ryan80 earned 250 total points
ID: 37832508
if you have multiple SSIDs, you will need to use VLANs to separate the traffic. Additionally this is the secure was to do it.
0
 

Author Comment

by:hell_angel
ID: 37832577
can i use 1 of the interface at controller and connect to my firewall..? from there  i can create new zone..

Vlan is not an option for customer at this point of time..
0
 
LVL 12

Expert Comment

by:ryan80
ID: 37832735
If the Access point is only going to be used for the guest wifi, than you can do that. If you need to have multiple SSIDs on the one AP, then you will need VLANs.

If you can plug it directly in to the firewall, the firewall might be able to use VLANS (most small business firewalls can) and trunking.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:hell_angel
ID: 37833297
this going to be multiple ssid, for internal staff users and guest..
so only VLAN on core switch is possible..?
0
 
LVL 12

Expert Comment

by:ryan80
ID: 37833317
you should be able to just use VLANs on the firewall as long as the guest SSID only needs internet access.
0
 

Author Comment

by:hell_angel
ID: 37833354
but my firewall just still need to have connection to controller directly right?
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 250 total points
ID: 37834029
If you connect the controller to the firewall directly you will need to create ap-manager interfaces for each port you connect to the network.  This will mean you have to disable LAG and is a nightmare if you've never done it before.

Create an interface and assign a new VLAN ID for the Guest traffic on the controller and set that as the interface on your Guest SSID.  The trunk you already have from the controller to the core will pass traffic on the new VLAN (providing you haven't pruned any).  Create the new VLAN at your core but with NO SVI.  Attach a new interface from your Firewall to the new VLAN and give it an IP address so clients use the firewall as their gateway (this disables routing across your core by guest users but lets them route via the firewall).
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question