Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

New Guest wireless questions

Unanswered Question
Aug 31st, 2010
User Badges:

Hi all.

We curently have a corporate WiSM estate that anchors a guest wireless network to a 4402 controller sat within a DMZ.  This then uses a custom web bundle for local user authentication, the users which are added by any receptionists at either of two sites.

What is being proposed now, which I could be right in thinking is impossible due to the porposal interfering with our current guest setup, is that an additional internal custom page be added for a different SSID (am I right in thinking that the controller can only use one internal web authentication page?) and have users authenticating using a RADIUS authentication instead of local users.  This, without interfering with the existing local user authentication policy on the original guest wireless.

Then there is the suggestion of having users get IP addresses on different subnets on a per site basis for audit purposes.  I understand AP Group VLANs can do this (we currently have this on our 3 centralised WiSMs), but as no access points associate to the anchor controller itself, any AP group VLANs would sit there redundantly, right?  It was suggested to have differernt VLANs per site, but our current guest setup is a blanket subnet for the entirity of the WLAN and is the way I had envisioned this new SSID to be configured.

AP Group VLANs where they would be negated, different Web Authentication policy for different SSIDs and then the authentication itself being handled by a new RADIUS server instead of the local user policy currently in place for an existing SSID... HELP!!!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Stephen Rodriguez Tue, 08/31/2010 - 12:31
User Badges:
  • Purple, 4500 points or more

Later code, 5.2 and beyond, allow for 21 different custom web pages.  16 for Wireless guests and 5 for Wired guest access.  So that part is easy enough, you just create the pages you want put them all in the same tarball, and then per WLAN you are able to go in and override the global config and select the page you want those users to see.

  For your other thought, you would need to use different WLAN per site if you need to have different VLANs.


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode