[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 474
  • Last Modified:

Cisco WCL5500 Web authentication for guest network

i have configure wireless access with web authentication for guest network.
i'm able to grap IP and autheticate at web but cannot go internet..

previously the setup in the network is in layer 3 vlan, now we remove all vlan. and we need to reconfigure the wireless ssid.

does the traffic have to go through core switch with vlan routing..? or the guest traffic can just natted to manegement interface to internet..?


tks
0
hell_angel
Asked:
hell_angel
  • 3
  • 3
2 Solutions
 
ryan80Commented:
if you have multiple SSIDs, you will need to use VLANs to separate the traffic. Additionally this is the secure was to do it.
0
 
hell_angelAuthor Commented:
can i use 1 of the interface at controller and connect to my firewall..? from there  i can create new zone..

Vlan is not an option for customer at this point of time..
0
 
ryan80Commented:
If the Access point is only going to be used for the guest wifi, than you can do that. If you need to have multiple SSIDs on the one AP, then you will need VLANs.

If you can plug it directly in to the firewall, the firewall might be able to use VLANS (most small business firewalls can) and trunking.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
hell_angelAuthor Commented:
this going to be multiple ssid, for internal staff users and guest..
so only VLAN on core switch is possible..?
0
 
ryan80Commented:
you should be able to just use VLANs on the firewall as long as the guest SSID only needs internet access.
0
 
hell_angelAuthor Commented:
but my firewall just still need to have connection to controller directly right?
0
 
Craig BeckCommented:
If you connect the controller to the firewall directly you will need to create ap-manager interfaces for each port you connect to the network.  This will mean you have to disable LAG and is a nightmare if you've never done it before.

Create an interface and assign a new VLAN ID for the Guest traffic on the controller and set that as the interface on your Guest SSID.  The trunk you already have from the controller to the core will pass traffic on the new VLAN (providing you haven't pruned any).  Create the new VLAN at your core but with NO SVI.  Attach a new interface from your Firewall to the new VLAN and give it an IP address so clients use the firewall as their gateway (this disables routing across your core by guest users but lets them route via the firewall).
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now