Cisco WCL5500 Web authentication for guest network

i have configure wireless access with web authentication for guest network.
i'm able to grap IP and autheticate at web but cannot go internet..

previously the setup in the network is in layer 3 vlan, now we remove all vlan. and we need to reconfigure the wireless ssid.

does the traffic have to go through core switch with vlan routing..? or the guest traffic can just natted to manegement interface to internet..?


tks
hell_angelEngineerAsked:
Who is Participating?
 
Craig BeckCommented:
If you connect the controller to the firewall directly you will need to create ap-manager interfaces for each port you connect to the network.  This will mean you have to disable LAG and is a nightmare if you've never done it before.

Create an interface and assign a new VLAN ID for the Guest traffic on the controller and set that as the interface on your Guest SSID.  The trunk you already have from the controller to the core will pass traffic on the new VLAN (providing you haven't pruned any).  Create the new VLAN at your core but with NO SVI.  Attach a new interface from your Firewall to the new VLAN and give it an IP address so clients use the firewall as their gateway (this disables routing across your core by guest users but lets them route via the firewall).
0
 
ryan80Commented:
if you have multiple SSIDs, you will need to use VLANs to separate the traffic. Additionally this is the secure was to do it.
0
 
hell_angelEngineerAuthor Commented:
can i use 1 of the interface at controller and connect to my firewall..? from there  i can create new zone..

Vlan is not an option for customer at this point of time..
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
ryan80Commented:
If the Access point is only going to be used for the guest wifi, than you can do that. If you need to have multiple SSIDs on the one AP, then you will need VLANs.

If you can plug it directly in to the firewall, the firewall might be able to use VLANS (most small business firewalls can) and trunking.
0
 
hell_angelEngineerAuthor Commented:
this going to be multiple ssid, for internal staff users and guest..
so only VLAN on core switch is possible..?
0
 
ryan80Commented:
you should be able to just use VLANs on the firewall as long as the guest SSID only needs internet access.
0
 
hell_angelEngineerAuthor Commented:
but my firewall just still need to have connection to controller directly right?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.