Generate one time authentication for Guest on Cisco WLC

Answered Question
Sep 11th, 2014
User Badges:

Hi All

Sorry for my question, because I just started to work with Cisco WLC.

I have created some WLAN for local users with authentication by 802.1x + Radius by certificate.

For Guest I used PSK with MAC-filtering.

But I see that is not comfortable for Guests, each time they come and want to access our wireless, we have to come and get their MAC.

 

I checked on Internet and find that the wireless solution for Hotel, Resorts are very easy.

I also googled and see that Cisco WLC support Lobby Ambassador to generate Guest username/password. But as I checked, this username/password might only use with Web-Auth, this method is not comfortable for Guest who don't know they have to go to Web-Auth to do authentication (e.g: when they only get pop3 email, or vpn, ... not use browsers)

 

Could I use this method (or another method) for creating one time Guest wireless username/password or Guest PSK that can be used for authentication when Guests click to Wireless-SSID name only (no need to open web browser to do Web-Auth).

 

Regards

Hai

Correct Answer by Sandeep Choudhary about 2 years 11 months ago

HI Hai,

Best option Gues users is alwayes is Webauth just like Hotel.

If you have Radius server(ISE) then easily you can create username and password foo guest users and send by email/message or print.

Webauth config guide:http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/

 

Regards

Dont forget to rate helpful posts

 

 

 

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Sandeep Choudhary Thu, 09/11/2014 - 23:03
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

HI Hai,

Best option Gues users is alwayes is Webauth just like Hotel.

If you have Radius server(ISE) then easily you can create username and password foo guest users and send by email/message or print.

Webauth config guide:http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/

 

Regards

Dont forget to rate helpful posts

 

 

 

 

Hai Dao Tuan Thu, 09/11/2014 - 23:49
User Badges:

Hi Choudhary

Thank you much for your information

Could I reconfirm about my concern.

With Cisco WLC, I can use WebAuth with Guest user only

If I want to use Guest user for authentication when guests connect to SSID (not by WebAuth, I means use Layer 2 security only, not Layer 3), I will have to use additional Radius Server.

And if I understand right, could you please recommend me software based Radius Server with support generate one time username/password for Guest, because I checked IAS/NPS on windows server may not have this function (ISE is not appropriate for us at this time, due to high expense)

Regards

Hai

Sandeep Choudhary Fri, 09/12/2014 - 00:40
User Badges:
  • Purple, 4500 points or more
  • Cisco Designated VIP,

    2017 Wireless

Still I will not recommand to yout to use layer 2 security.

Best option is to use layer 3 webauth and provider guest credentials via ISE(Radius server).

 

Regards

 

Actions

This Discussion

 

 

Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode