11-02-2011 04:48 AM - edited 07-03-2021 09:01 PM
Hi,
I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth.
I can get MAC auth working by iteself, but not with the Layer 3 option selected for web page auth on mac filter failure.
I know I can get around this by just creating two separate SSIDs. But the business is used to just having the one SSID for all guest traffic.
Is this a known limitation when anchoring SSIDs to controllers in the DMZ ?
11-02-2011 09:38 AM
Hi,
Yes..CSCts54424 Web auth on mac filter failure does not work properly with anchor WLAN
Please open a TAC case and we can see if we can give you an image with the FIX.
Thanks..Salil
11-23-2011 05:55 AM
I'm hitting this bug too, when can we expect a fix.
Thanks
11-24-2011 04:05 AM
The target is the 7.0 release that will come after 7.0.220. It's targeted for February.
You can probably get a workaround/solution by opening a TAC case
11-24-2011 05:27 AM
Hi Nicolas,
I guess they changed their mind to add this fix in 7.0MR3. Now the fix will be in 7.2 release planned to be release in FEB.
There is a documentation bug opened to add this to configuration guide :
CSCtw48727 Document CSCts54424. Limitations webauth on mac filter fail for anchor
Regards..Salil
11-28-2011 05:13 AM
Documentation bug makes me apprehensive about a proper fix. Will Cisco fix the bug so that this feature works across mobility anchors? Or will they s l e a z e it out and simply update the documentation to say it doesn't work?
12-08-2011 06:41 AM
FYI
7.2 will not run on the 4400 series WLC.
Only the Documentation will be updated for the 7.0.
Be aware that as it stands the "on MAC failure" feature has more limitations. With the current code the selection of the "on MAC failure" is exclusive to the other options within the Web Policy. For example: You cannot have the client "pass-though" on MAC failure. Feature request CSCtw73512 is opened for this - it is not scheduled for any release yet.
Aparently this feature was added for one specific customer to solve one specific need.
IMHO although this feature is potentally extremly useful - in its current form it should not have been made available in the gereral public release.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide