Guest Access with Anchor Controller

Unanswered Question
Aug 14th, 2009
User Badges:

I have several controllers spread through europe and one anchor at the central site - will be 2 at least in future. I want to run one guest access SSID for the whole company with the same name. All data is send to the central anchor controller and users are authenticated by ACS over a webauthentication page. All this works fine except the following need:

I want to run different languages on this one SSID for the webauthentication page, but I do not have any means to see, where the user is coming from (from what AP, on what controller, from which country, etc.).

The only way I would see is, to implement a database with all AP MAC addresses and - based on the ap_mac paramter from the guest access url - give them their login page in their language. The problem is, doing anchoring, this MAC is always all ZEROs.

Anyone any hint if this is a bug or any other idea how to do different login, logout pages for ONE SSID ?

PS: Sorry for posting this in the security discussion :-(

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jeromehenry_2 Fri, 08/14/2009 - 07:18
User Badges:
  • Silver, 250 points or more


I don't know how your authentication page is set (local to the central controller or external), but couldn't you filter (if you can do such filtering) based on the IP address of the foreign controller? In the mobility tunnel, the source is the foreign controller, so you can determine which country the tunnel is coming from...

Not sure on how you can filter from this, but it might be an idea...

guardian-de Fri, 08/14/2009 - 07:38
User Badges:

It is set on the anchor controller - not external. I cannot filter, because I do not get any parameters from the foreign controller given to the login page. I solved this right now asking a javascript guy to help me and we set up a page with language switching. This works for now, but would be much easier if cisco implements some parmeter given to the url like the "Configured Country" Domain (DE,PL,HU, etc.) from the foreign controller.


This Discussion



Trending Topics - Security & Network