WLAN with Web Authentication

Unanswered Question
Nov 18th, 2008

Just hoping somebody can help me with this. I have just been handed a Cisco 2100 series Wireless LAN controller and an Aironet 1131AG access point. I have two weeks to set this up. The company already has five 1121 series in place with no controller. My task is to setup the controller to run all of them and essentially setup a seamless wireless network with web authentication. The company is a clinic, so the authentication needs to be setup with guest access restricted to internet only and preferrably one login for all of the doctors and nurses to have access. I have downloaded the manuals for this and frankly, it's all a bit confusing to me with no training in CISCO. I guess in a way I'm asking for a bit of a walk-through or at least a good push into getting it started. I realize this is asking a lot but any and all help would be greatly appreciated.

Thank you,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
areiner21472 Tue, 11/18/2008 - 12:58

Thank you for the reply. The upgrade doc I'm sure will be very helpful.

I have the system up and running and web authentication setup and working with specific user logins. Now here is where I get absolutely stumped. I need to have on guest account with access to nothing but the internet. I think I have a grasp on how to setup the ACL but I have no idea how to apply it to a specific username.

Scott Fella Tue, 11/18/2008 - 16:33

Well you should have another dynamic interface created for Guest users and this is where you will specify WebAuth. This interface can be put on the same network or onto a different internet connection. You would create an ACL on the layer 3 interface to deny traffic from x.x.x.x guest subnet to x.x.x.x internal subnet. If you have internal users and guest users on the same subnet using WebAuth, there is no way to deny certain users only internet traffic.

areiner21472 Wed, 11/19/2008 - 10:25

Ok, I now have the WLAN setup for the internal folks who need it. Thank you for the advice on that. Disabled the web policy and just went straight to a WPA security setup.

When trying to setup the dynamic interface, however, it keeps telling me "IP information conflicts with another interface".

The controller has an AP-Manager interface, a Management interface and a Virtual interface. All three of these have individual static IP adddresses. The IP address that I tried to setup the Guest Access interface on is not in use by any other interface or anything else on the network. I just don't have any idea what I'm doing wrong with this part.


This Discussion