01-10-2011 12:18 PM - edited 07-03-2021 07:38 PM
Hi All,
If I have multiple guest SSID's on a single controller and I use NGS as the Radius. How do I configure NGS to "send" the clients to differnet login pages corresponding to the SSID they came from.
I can configure different splash pages in HotSpots section but how do I map the different SSID's from the controller to the different splash pages. Then I guess that raises the question when I generate guest users on NGS is it possile to only allow them associate to a specific SSID.
TIA,
Eoin.
01-10-2011 11:39 PM
Hi,
this is actually a WLC question.
On each SSID, you have the layer 3 security page.
When you enable web authentication, you can select "override global configuration". There you can configure different hotspots URL for each SSID.
I hope it helps.
Nicolas
01-12-2011 03:11 AM
Hi Nicolas,
Thanks for the reply. I can see that config on the WLC and have used it before where there is only a single guest SSID. What I dont know is if the NAC Guest server sees radius requests coming from different guest SSID's on the same WLC. How does the NAC Guest server apply the correct guest policy to that user. And when sponsors genereate guest accounts how do they specific which policy is to be applied to that guest so it can only get access to a specfic guest network/SSID I'm not sure where the "mapping" of accounts/splash pages/policies takes place on the NAC guest server. I've only ever set up NAC Guest when there has been a single guest SSID.
Regards,
Eoin.
01-14-2011 06:27 AM
Is your Guest Server also acting as radius ? Or only web portal ?
If only web portal, my answer is the right one. Each SSID uses a different webpage on the NGS.
If you want to authorize user (radius auth) from the NGS itself, then you need to use custom attributes to detect ssids. Is that what you are looking for ?
I'd need to search if that's possible
Nicolas
01-14-2011 06:33 AM
Hi Nicolas,
Yes the Nac Guest Server will also store the guest accounts locally and perform authentication. I think this is possible by IP address but I can't see how I can specify that a specific user can only logon to a specific portal.
I.E I only want login X to be able loging into web portal X only and not other portals Y,Z ... e.t.c. Thus gaining access to guest areas I dont want it to access.
01-16-2011 01:29 PM
It seems guest roles is the way to achieve this. Didn't spot it earlier:
05-14-2012 07:30 AM
Friend has already accomplished this task using a CAM, CAM is now no possible?
Having GUEST + ACS.
05-25-2012 10:22 AM
Is there a document that explains how RADIUS attribute format should look like?
I am trying to support 2 Guest SSID's, each mapped to a different interface-name/vlan-id on the 5508 and want to use this as a way to enforce the right user is mapped to the right interface.
06-05-2015 12:26 PM
Did you manage to get the attribute format that can restrict guest roles to specific SSID?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: