Due to the limitations imposed by wlc's database size, we decided to go for an external authentication server.
Since this external database is for guest access, we are considering in using a Linux box with LDAP, along with a web-based application which will be presented to the user for authentication purposes. This way, the user would type in his/her credentials on this portal and the same box would process the authentication.
In such a scenario, we would buid an application for the "Lobby Amabassadors" input the guest data (for auditing purposes we need to enter the user's SSN, passport # or any other official ID), and this application would generate the password to be used during the authentication process.
I've used web-auth before, with the users database loaded on the WLC (local net users). Even using an external web-auth portal, the user is still authenticated by the controller that in turn, will control whether the traffic is to be allowed or not, based on the authentication results.
That's exactly where our question lies: how should we configure the WLAN so that the WLC would receive the access request and forward it to the authentication portal/server? Would it envolve radius?
This same Linux would be the DHCP server for this guest WLAN.
WLC vesion: 220.127.116.11