This post documents the process of configuring Guest WIFI on a Cisco Wireless LAN Controller (WLC). Ideally you would configure an Anchor WLC in a DMZ and use an EoIP tunnel to send all guest traffic to the anchor controller. However, in this example we only have an HA pair of WLCs, without the luxury of an anchor WLC.
Environment
A HA pair of Cisco Wireless LAN Controller (WLC), one active and one passive.
There is no Anchor Controller.
Guest WIFI needs to be configured on a separate subnet and allowed internet access only.
Guest WiFi SSID Configuration
Log into the WLC web portal, go to “Advanced” mode, navigate to “CONTROLLER” – “Interfaces” – “New”, and create the new interface within your Guest WIFI VLAN
Configure Guest WIFI interface IP
Configure your “IP Helper” – DHCP forwarding to your DHCP server
Navigate to “WLANs” – “WLANs” to create a new SSID for your Guest WIFI
Configure your SSID and matching Guest WIFI Interface
Configure Layer 2 security as per business requirements; in this example we use WPA2 password authentication.
Then map the SSID to your AP group so that it is broadcast on those APs only.
Guest WIFI Access Control List Configuration
Create a new ACL to allow Guest WIFI to access DHCP and internet ONLY
Then attach the ACL under your Guest WIFI Interface
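The rule order is what makes the ACL "DHCP and internet ONLY", so it is worth checking before attaching it. The following is an added example, not part of the original post: it models a guest ACL as an ordered first-match list with an implicit deny at the end, and audits it against the flows the policy should allow and block. The DHCP server address, the test destinations and the use of RFC 1918 ranges to stand for "internal" are constructed assumptions.

```python
import ipaddress

# Constructed values: the DHCP server address is an assumption, not from the post.
DHCP_SERVER = "10.0.0.10"
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Each rule: (protocol, destination network, destination port or None, action).
GUEST_ACL = [
    ("udp", "255.255.255.255/32", 67, "permit"),   # DHCP discover/request broadcast
    ("udp", DHCP_SERVER + "/32", 67, "permit"),    # unicast DHCP renewals
] + [("any", net, None, "deny") for net in RFC1918] + [
    ("any", "0.0.0.0/0", None, "permit"),          # everything left is internet
]

def evaluate(acl, proto, dst, port):
    """Return the action of the first matching rule; no match means deny."""
    addr = ipaddress.ip_address(dst)
    for r_proto, r_net, r_port, action in acl:
        if r_proto not in ("any", proto):
            continue
        if addr not in ipaddress.ip_network(r_net):
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "deny"

# Constructed flows the guest policy must satisfy: (description, proto, dst, port, expected).
EXPECTED = [
    ("DHCP broadcast", "udp", "255.255.255.255", 67, "permit"),
    ("DHCP renewal", "udp", DHCP_SERVER, 67, "permit"),
    ("public DNS", "udp", "198.51.100.53", 53, "permit"),
    ("public HTTPS", "tcp", "203.0.113.10", 443, "permit"),
    ("SSH to DHCP server", "tcp", DHCP_SERVER, 22, "deny"),
    ("internal file server", "tcp", "10.0.0.20", 445, "deny"),
    ("internal web app", "tcp", "172.16.5.5", 443, "deny"),
    ("home-range host", "tcp", "192.168.1.1", 80, "deny"),
]

def audit(acl):
    """Return the descriptions of flows whose result differs from policy."""
    return [d for d, p, dst, port, want in EXPECTED
            if evaluate(acl, p, dst, port) != want]

if __name__ == "__main__":
    print("ordered ACL failures:", audit(GUEST_ACL))
    # Same rules with the catch-all permit moved to the top: the denies never fire.
    print("misordered ACL failures:", audit([GUEST_ACL[-1]] + GUEST_ACL[:-1]))
```

The model assumes guests are handed a public DNS resolver; if DHCP gives them an internal one, a permit for that server on port 53 has to sit above the deny rules.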