NAC Guest Server and Multiple Guest SSID's/Splashpages

Unanswered Question
Jan 10th, 2011

Hi All,

If I have multiple guest SSID's on a single controller and I use NGS as the Radius. How do I configure NGS to "send" the clients to differnet login pages corresponding to the SSID they came from.

I can configure different splash pages in HotSpots section but how do I map the different SSID's from the controller to the different splash pages. Then I guess that raises the question when I generate guest users on NGS is it possile to only allow them associate to a specific SSID.

TIA,

Eoin.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
Nicolas Darchis Mon, 01/10/2011 - 23:39

Hi,

this is actually a WLC question.

On each SSID, you have the layer 3 security page.

When you enable web authentication, you can select "override global configuration". There you can configure different hotspots URL for each SSID.

I hope it helps.

Nicolas

eoinwhite Wed, 01/12/2011 - 03:11

Hi Nicolas,

Thanks for the reply. I can see that config on the WLC and have used it before where there is only a single guest SSID. What I dont know is if the NAC Guest server sees radius requests coming from different guest SSID's on the same WLC. How does the NAC Guest server apply the correct guest policy to that user. And when sponsors genereate guest accounts how do they specific which policy is to be applied to that guest so it can only get access to a specfic guest network/SSID I'm not sure where the "mapping" of accounts/splash pages/policies takes place on the NAC guest server. I've only ever set up NAC Guest when there has been a single guest SSID.

Regards,

Eoin.

Nicolas Darchis Fri, 01/14/2011 - 06:27

Is your Guest Server also acting as radius ? Or only web portal ?

If only web portal, my answer is the right one. Each SSID uses a different webpage on the NGS.

If you want to authorize user (radius auth) from the NGS itself, then you need to use custom attributes to detect ssids. Is that what you are looking for ?

I'd need to search if that's possible

Nicolas

eoinwhite Fri, 01/14/2011 - 06:33

Hi Nicolas,

Yes the Nac Guest Server will also store the guest accounts locally and perform authentication. I think this is possible by IP address but I can't see how I can specify that a specific user can only logon to a specific portal.

I.E I only want login X to be able loging into web portal X only and not other portals Y,Z ... e.t.c. Thus gaining access to guest areas I dont want it to access.

jonmarso_07 Mon, 05/14/2012 - 07:30

Friend has already accomplished this task using a CAM, CAM is now no possible?


Having GUEST + ACS.

rupert.wever Fri, 05/25/2012 - 10:22

Is there a document that explains how RADIUS attribute format should look like?

I am trying to support 2 Guest SSID's, each mapped to a different interface-name/vlan-id on the 5508 and want to use this as a way to enforce the right user is mapped to the right interface.

Actions

Login or Register to take actions

This Discussion

Posted January 10, 2011 at 12:18 PM
Stats:
Replies:7 Avg. Rating:5
Views:1642 Votes:0
Shares:0
Tags: nac, server, guest
+

Related Content

Discussions Leaderboard