Sure. Let me find my notes. Here they are: a.) Log in to your Cisco Wireless Controller b.) Go to Controller/Internal DHCP Server/DHCP Scope, click your scope and take a note of your DNS servers. In my case these were 8.8.8.8 and 8.8.4.4. Usually you have only two DNS servers, but it is also possible to set three. c.) Go to Controller > Interfaces and take a note of your virtual address. d.) Go to Security, Access Control Lists, Access Control Lists. e.) Create a new Access Control List by clicking New. Name it Pre-Auth-ACL. f.) Click the name of the newly created ACL. g.) Add the following five rules, while keeping their order. 1. Permit, Source 0.0.0.0/0.0.0.0, Destination: 0.0.0.0/0.0.0.0, Protocol: Any, Source port: Any, Dest port: Any, Direction: outbound. 2. Permit, Source 0.0.0.0/0.0.0.0, Destination: (your virtual address)/0.0.0.0, Protocol: Any, Source port: Any, Dest port: DNS, Direction: inbound. 3. Permit, Source 0.0.0.0/0.0.0.0, Destination: (your primary DNS)/0.0.0.0, Protocol: Any, Source port: Any, Dest port: DNS, Direction: inbound. 4. Permit, Source 0.0.0.0/0.0.0.0, Destination: (your secondary DNS)/0.0.0.0, Protocol: Any, Source port: Any, Dest port: DNS, Direction: inbound. (If you have a third DNS, add it here) 5. Deny, Source 0.0.0.0/0.0.0.0, Destination: 0.0.0.0/0.0.0.0, Protocol: Any, Source port: Any, Dest port: Any, Direction: inbound. h. Go to WLANS, Select your guest network, Select Security, Layer 3, and set the newly created ACL as Preauthentication ACL for IPv4.
... View more