The configuration of a Public Spot can be greatly simplified if the payload data sent from the WLAN to the controller is routed through a WLC tunnel. A Public Spot can, for example, provide guests with Internet access in parallel with, but separated from, an internal wireless LAN.
In this example, the employees of a company have access to a private WLAN (SSID), while the guests use a Public Spot to access the Internet. In all areas of the building, the access points provide two SSIDs,COMPANY and GUESTS.
Image Removed
Image Added
The aim of the configuration:
A WLAN client that associates with the internal SSID should have access to all internal resources and the Internet via the central gateway. The access points break-out the payload data from the internal clients locally and pass it on directly to the LAN. The guests' WLAN clients associate with the Public Spot.
The access points send the payload data from the guest clients through a WLC tunnel directly to the WLAN controller, which uses a separate WAN interface for Internet access.
Procedure:
1. The internal WLAN and the guest WLAN each require an entry to be created in the list of logical networks, each with a suitable name and the corresponding SSID. Link the SSID for internal use with
the
the LAN at AP, and the SSID for guests with (for example) WLC-TUNNEL-1.
In
In LANconfig you find this setting under WLAN Controller
->
→ Profiles
->
→ Logical WLAN networks (SSIDs).
Image Removed
Image Added
Disable encryption for the guest network SSID so that the guests' WLAN clients can associate with the Public Spot. You should also prevent inter-station traffic for this SSID.
Image Removed
Image Added
2. Create an entry in the list of physical WLAN parameters with the appropriate settings for your access points, such as the
country
country Europe with the channels 1, 6 and 11 in 802.11b/g/n and 802.11a/n/ac in mixed mode.
For this profile in the physical WLAN parameters,enable the option to turn on the VLAN module on the access points. Set the operating mode for the management VLAN in the access points to Untagged.
In
In LANconfig you find this setting under WLAN Controller
->
→ Profiles
->
→ Physical WLAN parameters.
Image Removed
Image Added
3. Create a WLAN profile and give it a suitable name. Then assign the logical WLAN networks and the physical WLAN parameters created previously to this WLAN profile.
In
In LANconfig you find this setting under WLAN Controller
->
→ Profiles
->
→ WLAN profiles.
Image Removed
Image Added
4. For each managed access point, create an entry in the access point table with a suitable name and the associated MAC address. Assign the WLAN profile created previously to this access point.
In
In LANconfig you find this setting under WLAN Controller
->
→ AP config
->
→ Access point table.
Image Removed
Image Added
5. Verify that the logical LAN
interface
interface WLC-tunnel-1 is not allocated to a bridge group. This ensures that the other LAN interfaces do not transmit any data to the Public Spot.
In
In LANconfig you find this setting under Interfaces
->
→ LAN
->
→ Port table.
Image Removed
Image Added
6. For internal users, create the IP
network
network INTRANET with (for example) the IP address 192.168.1.100, interface assignment LAN-1 and the interface tag '1'.
For the guest access, create the IP
network
network GUEST-ACCESS with (for example) the IP address of 192.168.200.1, interface assignment WLC-TUNNEL-1 and the interface tag '2'. The virtual router in the WLAN controller uses the interface tags to separate the routes for the two networks.
In
In LANconfig you find this setting under IPv4
->
→ General
->
→ IP networks.
Image Removed
Image Added
Image Removed
Image Added
7. The WLAN controller can act as
a
a DHCP server for access points and the associated WLAN clients. To set this up, activate the DHCP server for the INTRANET and the GUEST-ACCESS.
In
In LANconfig you find this setting under IPv4
->
→ DHCPv4
->
→ DHCP networks.
Info:
Hinweis
Activation of the DHCP server is obligatory for the guest network and optional for the internal network. There are other ways of realizing a DHCP server for the internal network.
Image Removed
Image Added
8. Activate the Public Spot user authentication for the logical LAN
interface
interface WLC-Tunnel-1. In LANconfig you find this setting under Public Spot
->
→ Server
->
→ Operational settings
->
→ Interfaces.
Image Removed
Image Added
9. The final step is
to
to enable authentication via the Public Spot for the WLAN controller. In LANconfig you find this setting under Public Spot
->
→ Authentication.
Image Removed
Image Added
Info:
Info
In further configuration steps, you must configure an Internet connection on the WLAN controller.
In addition to configuring the WLAN controller, you must also configure the Public Spot either to use the internal user list or to use a RADIUS server, according to your needs.
