Cisco Cisco Aironet 350 Mini-PCI Wireless LAN Client Adapter Guia Do Desenho

The configurations above establishes a WLAN with no security policies. Guest traffic passes through 
the anchor controller to the inside or untrusted interface of the Cisco NAC Appliance, where it is blocked 
until the user has authenticated.

DHCP can be hosted locally on the controller or externally via the NAC Appliance or dedicated server.

Its beyond the scope of this chapter to address Cisco NAC Appliance or other external access control 
platform specific configurations. See the specific platform documentation for additional configuration 
guidelines.

The guest access service is working correctly if a user:

Can associate to the guest WLAN

Receives an IP address via DHCP

Opens their browser and is redirected to the web authentication page

Enters their credentials and connects to the Internet (or other authorized upstream services)

The following verifications and troubleshooting tasks assume the following:

The solution is using the web authentication functionality resident in the anchor controller(s).

User credentials are created and stored locally on the anchor controller(s).

Before attempting to troubleshoot the various symptoms below, at the very least you should be able to 
ping from the campus (foreign) controller to the anchor controller(s). If not, verify routing.

Next, you should be able to perform the following advanced pings. These can only be performed via the 
serial console interfaces of the controllers:

mping neighbor WLC ip 

This pings the neighbor controller through the LWAPP control channel.

eping neighbor WLC ip

This pings the neighbor controller through the LWAPP data channel.

If a standard ICMP ping goes through, but mpings do not, ensure that the default mobility group name 
of each WLC is the same, and ensure that the IP, MAC, and mobility group name of each WLC is entered 
in the mobility members list of every WLC.