NAC Guest Server and Multiple Guest SSID's/Splashpages

Unanswered Question
Jan 10th, 2011
User Badges:

Hi All,

If I have multiple guest SSID's on a single controller and I use NGS as the Radius. How do I configure NGS to "send" the clients to differnet login pages corresponding to the SSID they came from.

I can configure different splash pages in HotSpots section but how do I map the different SSID's from the controller to the different splash pages. Then I guess that raises the question when I generate guest users on NGS is it possile to only allow them associate to a specific SSID.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Nicolas Darchis Mon, 01/10/2011 - 23:39
User Badges:
  • Cisco Employee,


this is actually a WLC question.

On each SSID, you have the layer 3 security page.

When you enable web authentication, you can select "override global configuration". There you can configure different hotspots URL for each SSID.

I hope it helps.


eoinwhite Wed, 01/12/2011 - 03:11
User Badges:

Hi Nicolas,

Thanks for the reply. I can see that config on the WLC and have used it before where there is only a single guest SSID. What I dont know is if the NAC Guest server sees radius requests coming from different guest SSID's on the same WLC. How does the NAC Guest server apply the correct guest policy to that user. And when sponsors genereate guest accounts how do they specific which policy is to be applied to that guest so it can only get access to a specfic guest network/SSID I'm not sure where the "mapping" of accounts/splash pages/policies takes place on the NAC guest server. I've only ever set up NAC Guest when there has been a single guest SSID.



Nicolas Darchis Fri, 01/14/2011 - 06:27
User Badges:
  • Cisco Employee,

Is your Guest Server also acting as radius ? Or only web portal ?

If only web portal, my answer is the right one. Each SSID uses a different webpage on the NGS.

If you want to authorize user (radius auth) from the NGS itself, then you need to use custom attributes to detect ssids. Is that what you are looking for ?

I'd need to search if that's possible


eoinwhite Fri, 01/14/2011 - 06:33
User Badges:

Hi Nicolas,

Yes the Nac Guest Server will also store the guest accounts locally and perform authentication. I think this is possible by IP address but I can't see how I can specify that a specific user can only logon to a specific portal.

I.E I only want login X to be able loging into web portal X only and not other portals Y,Z ... e.t.c. Thus gaining access to guest areas I dont want it to access.

jonmarso_07 Mon, 05/14/2012 - 07:30
User Badges:

Friend has already accomplished this task using a CAM, CAM is now no possible?

Having GUEST + ACS.

rupert.wever Fri, 05/25/2012 - 10:22
User Badges:

Is there a document that explains how RADIUS attribute format should look like?

I am trying to support 2 Guest SSID's, each mapped to a different interface-name/vlan-id on the 5508 and want to use this as a way to enforce the right user is mapped to the right interface.

shijogeorge Fri, 06/05/2015 - 12:26
User Badges:
  • Bronze, 100 points or more

Did you manage to get the attribute format that can restrict guest roles to specific SSID?


This Discussion



Trending Topics - Security & Network