Controllerless Networks

Hi all,

I have a cluster of 4 IAP-205. In the network I have some VLANs, and the WiFi management VLAN is the 10 (192.168.10.X/24). So I give to the IAPs IP addresses in this VLAN and set "enet-vlan=10". The enterprise SSID with WPA2-PSK security in VLAN 100 works fine.

But theres is a big problem with the Guest SSID with "Virtual Controller assigned" IP address. When a client connect to this SSID it obtain a correct IP address, but it doesn't able to navigate. I try with Captive Portal: the client can reach the Captive Portal Login Page, but when it click "login" it can't reach Internet. I try also with Open SSID and also in this case the client can't surf the net.

The IAPs can ping Internet, so there in not a problem in the firewall ACL or in the DNS setting because the Captive Portal page is showned.

I temporarily "solve" the issue in this way: I give to the IAPs an IP address on VLAN 1 (192.168.1.x/24) and set "enet-vlan=1". With these settings also the Guest SSID works fine, both with Captive Portal that with Open SSID.

So, I think that this is an issue of "ENET-VLAN" settings. Can anyone cofirm my suggestion? There is a way to have IAPs on VLAN 10 and have a Guest SSID working?

Thanks,

Massimo

When you use Virtual controller assigned, the user traffic is Natted out of the ip address of the Virtual Controller.  If the Virtual Controller ip address does not allow access to the internet, guest traffic with Virtual Controller assigned ip addresses will also not be able to go out to the internet, either.

Hi Colin,

thanks for your reply. I know that the user traffic is Natted out of the ip address of the Virtual Controller, in fact in the firewall ACL there is nothing that can block this. As I wrote in the previous message, I check if the VC can reach Internet: I ping "www.google.com" from the ssh console of VC and it is ok. So this is not a problem related to Internet access of VC.