You are here: Captive Portal for Guest Access > Configuring a WLAN SSID for Guest Access
Previous TopicNext Topic

Configuring a WLAN SSID for Guest Access

You create an SSID for guest access by using the Instant UI or CLI:

In the Instant UI

1. In the Networks tab of the Instant main window, click the New link. The New WLAN window is displayed.
2. Enter a name that uniquely identifies a wireless network in the Name (SSID) text box.
3. Based on the type of network profile, specify the Primary usage as Guest.
4. Click the Show advanced options link. The advanced options for configuration are displayed.
5. Enter the required values for the following configuration parameters:

Table 1: WLAS SSID Configuration Parameters for Guest Network

Parameters Description


Select any of the following values under Broadcast filtering:

l All—When set to All, the IAP drops all broadcast and multicast frames except DHCP and ARP.
l ARP—When set to ARP, the IAP converts ARP requests to unicast and send frames directly to the associated client.
l Disabled— When set to Disabled, all broadcast and multicast traffic is forwarded.
DTIM interval

The DTIM interval indicates the delivery traffic indication message (DTIM) period in beacons, which can be configured for every WLAN SSID profile. The DTIM interval determines how often the IAP should deliver the buffered broadcast and multicast frames to associated clients in the powersave mode. The default value is 1, which means the client checks for buffered data on the IAP at every beacon. You can also configure a higher DTIM value for power saving.

Multicast transmission optimization

Select Enabled if you want the IAP to select the optimal rate for sending broadcast and multicast frames based on the lowest of unicast rates across all associated clients. When this option is enabled, multicast traffic can be sent at up to 24 Mbps. The default rate for sending frames for 2.4 GHz is 1 Mbps and 5.0 GHz is 6 Mbps. This option is disabled by default.

Dynamic multicast optimization

Select Enabled to allow IAP to convert multicast streams into unicast streams over the wireless link. Enabling Dynamic Multicast Optimization (DMO) enhances the quality and reliability of streaming video, while preserving the bandwidth available to the non-video clients.

DMO channel utilization threshold

Specify a value to set a threshold for DMO channel utilization. With DMO, the IAP converts multicast streams into unicast streams as long as the channel utilization does not exceed this threshold. The default value is 90% and the maximum threshold value is 100%. When the threshold is reached or exceeds the maximum value, the IAP sends multicast traffic over the wireless link.

NOTE: When you enable DMO on multicast SSID profiles, ensure that the DMO feature is enabled on all SSIDs configured in the same VLAN.

Transmit Rates

Specify the following parameters:

l 2.4 GHz—If the 2.4 GHz band is configured on the IAP, specify the minimum and maximum transmission rate. The default value for minimum transmission rate is 1 Mbps and maximum transmission rate is 54 Mbps.
l 5 GHz—If the 5 GHz band is configured on the IAP, specify the minimum and maximum transmission rate. The default value for minimum transmission rate is 6 Mbps and maximum transmission rate is 54 Mbps.

Specify the zone for the SSID. When the zone is defined in SSID profile and if the same zone is defined on an IAP, the SSID is created on that IAP. For more information on configuring zone details on an IAP, see Configuring Zone Settings on an IAP.

The following constraints apply to the zone configuration:

l An IAP can belong to only one zone and only one zone can be configured on an SSID.
l If an SSID belongs to a zone, all IAPs in this zone can broadcast this SSID. If no IAP belongs to the zone configured on the SSID, the SSID is not broadcast.
l If an SSID does not belong to any zone, all IAPs can broadcast this SSID.
Bandwidth Limits

Select any of the following checkboxes to specify the bandwidth limit:

l Airtime—Select this checkbox to specify an aggregate amount of airtime that all clients in this network can use for sending and receiving data. Specify the airtime percentage.
l Each user— Select this checkbox to specify a throughput for any single user in this network. Specify the throughput value in Kbps.
l Each radio— Select this checkbox to specify an aggregate amount of throughput that each radio is allowed to provide for the connected clients.
Wi-Fi Multimedia (WMM) traffic management

Configure the following options for WMM traffic management. WMM supports voice, video, best effort, and background access categories. To allocate bandwidth for the following types of traffic, specify a percentage value under Share. To configure DSCP mapping, specify a value under DSCP Mapping.

l Background WMM: For background traffic such as file downloads or print jobs.
l Best effort WMM — For best effort traffic such as traffic from legacy devices or traffic from applications or devices that do not support QoS.
l Video WMM — For video traffic generated from video streaming.
l Voice WMM— For voice traffic generated from the incoming and outgoing voice communication.

For more information on WMM traffic and DSCP mapping, see Wi-Fi Multimedia Traffic Management

Content filtering

Set to Enabled to route all DNS requests for the non-corporate domains to OpenDNS on this network.

Band Select a value to specify the band at which the network transmits radio signals. You can set the band to 2.4 GHz, 5 GHz, or All. The All option is selected by default.
Inactivity timeout Specify a timeout interval. If a client session is inactive for the specified duration, the session expires and the users are required to log in again. The minimum value is set to 60 seconds and the default value is 1000 seconds.
Hide SSID Select the checkbox if you do not want the SSID (network name) to be visible to users
Disable SSID

Select to the checkbox to disable the SSID. On selecting this checkbox, the SSID is disabled, but not removed from the network. By default, all SSIDs are enabled.

Can be used without Uplink Select the checkbox if you do not want the SSID users to use uplink.
Max clients threshold

Specify the maximum number of clients that can be configured for each BSSID on a WLAN in the text box. You can specify a value within the range of 0 to 255. The default value is 64.

Local probe request threshold

Specify a threshold value in the Local probe request threshold text box to limit the number of incoming probe requests. When a client sends a broadcast probe request frame to search for all available SSIDs, this option controls system response for this network profile and ignores probe requests if required. You can specify a Received signal strength indication (RSSI) value within range of 0 to 100 dB.

6. Click Next to configure VLAN settings. The VLAN tab contents are displayed.
7. Select any for the following options for Client IP assignment:
Virtual Controller assigned—On selecting this option, the client obtains the IP address from the Virtual Controller.
Network assigned—On selecting this option, the IP address is obtained from the network.
8. Based on the type client IP assignment mode selected, you can configure the VLAN assignment for clients as described in the following table:

Table 2: IP and VLAN Assignment for WLAN SSID Clients

Client IP Assignment Client VLAN Assignment

Virtual Controller assigned

If the Virtual Controller assigned is selected for client IP assignment, the Virtual Controller creates a private subnet and VLAN on the IAP for the wireless clients. The network address translation for all client traffic that goes out of this interface is carried out at the source. This setup eliminates the need for complex VLAN and IP address management for a multi-site wireless network.

On selecting this option, the following client VLAN assignment options are displayed:

l Default: When selected, the default VLAN as determined by the Virtual Controller is assigned for clients.
l Custom: When selected, you can specify a custom VLAN assignment option. You can select an existing DHCP scope for client IP and VLAN assignment or you can create a new DHCP scope by selecting New. For more information on DHCP scopes, see Configuring DHCP Scopes.

Network assigned

If the Network assigned is selected, you can specify any of the following options for the Client VLAN assignment.

l Default— On selecting this option, the client obtains the IP address in the same subnet as the IAPs. By default, the client VLAN is assigned to the native VLAN on the wired network.
l Static— On selecting this option, you need to specify a single VLAN, a comma separated list of VLANS, or a range of VLANs for all clients on this network. Select this option for configuring VLAN pooling.
l Dynamic— On selecting this option, you can assign the VLANs dynamically from a Dynamic Host Configuration Protocol (DHCP) server. To create VLAN assignment rules, click New to assign the user to a VLAN. In the New VLAN Assignment Rule window, enter the following information:
l Attribute— Select an attribute returned by the RADIUS server during authentication.
l Operator— Select an operator for matching the string.
l String— Enter the string to match
l VLAN— Enter the VLAN to be assigned.
9. Click Next to configure internal or external captive portal authentication, roles and access rules for the guest users.

In the CLI

To configure WLAN settings for an SSID profile:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# essid <ESSID-name>

(Instant AP)(SSID Profile <name>)# type <Guest>

(Instant AP)(SSID Profile <name>)# broadcast-filter <type>

(Instant AP)(SSID Profile <name># dtim-period <number-of-beacons>

(Instant AP)(SSID Profile <name>)# multicast-rate-optimization

(Instant AP)(SSID Profile <name>)# dynamic-multicast-optimization

(Instant AP)(SSID Profile <name>)# dmo-channel-utilization-threshold

(Instant AP)(SSID Profile <name>)# a-max-tx-rate <rate>

(Instant AP)(SSID Profile <name>)# a-min-tx-rate <rate>

(Instant AP)(SSID Profile <name>)# g-max-tx-rate <rate>

(Instant AP)(SSID Profile <name>)# g-min-tx-rate <rate>

(Instant AP)(SSID Profile <name>)# zone <zone>

(Instant AP)(SSID Profile <name>)# bandwidth-limit <limit>

(Instant AP)(SSID Profile <name>)# per-user-bandwidth-limit <limit>

(Instant AP)(SSID Profile <name>)# air-time-limit <limit>

(Instant AP)(SSID Profile <name>)# wmm-background-share <percentage-of-traffic_share>

(Instant AP)(SSID Profile <name>)# wmm-best-effort-share<percentage-of-traffic-share>

(Instant AP)(SSID Profile <name>)# wmm-video-share <percentage-of-traffic_share>

(Instant AP)(SSID Profile <name>)# wmm-voice-share <percentage-of-traffic_share>

(Instant AP)(SSID Profile <name>)# rf-band {<2.4>|<5.0>|<all>}

(Instant AP)(SSID Profile <name>)# content-filtering

(Instant AP)(SSID Profile <name>)# hide-ssid

(Instant AP)(SSID Profile <name>)# inactivity-timeout <interval>

(Instant AP)(SSID Profile <name>)# work-without-uplink

(Instant AP)(SSID Profile <name>)# local-probe-req-thresh <threshold>

(Instant AP)(SSID Profile <name>)# max-clients-threshold <number-of-clients>

To manually assign VLANs for WLAN SSID users:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name># vlan <vlan-ID>


To enforce DHCP-based VLAN assignment:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name># enforce-dhcp

To create a new VLAN assignment rule:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# set-vlan <attribute>{equals|not-equals| starts-with| ends-with| contains|matches-regular-expression} <operator> <VLAN-ID>| value-of}