Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3299
Views
0
Helpful
3
Replies

Generate one time authentication for Guest on Cisco WLC

Go to solution
Hai Dao Tuan
Level 1
Level 1

‎09-11-2014 08:16 PM - edited ‎07-05-2021 01:30 AM

Hi All

Sorry for my question, because I just started to work with Cisco WLC.

I have created some WLAN for local users with authentication by 802.1x + Radius by certificate.

For Guest I used PSK with MAC-filtering.

But I see that is not comfortable for Guests, each time they come and want to access our wireless, we have to come and get their MAC.

 

I checked on Internet and find that the wireless solution for Hotel, Resorts are very easy.

I also googled and see that Cisco WLC support Lobby Ambassador to generate Guest username/password. But as I checked, this username/password might only use with Web-Auth, this method is not comfortable for Guest who don't know they have to go to Web-Auth to do authentication (e.g: when they only get pop3 email, or vpn, ... not use browsers)

 

Could I use this method (or another method) for creating one time Guest wireless username/password or Guest PSK that can be used for authentication when Guests click to Wireless-SSID name only (no need to open web browser to do Web-Auth).

 

Regards

Hai

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-11-2014 11:03 PM

HI Hai,

Best option Gues users is alwayes is Webauth just like Hotel.

If you have Radius server(ISE) then easily you can create username and password foo guest users and send by email/message or print.

Webauth config guide:http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/

 

Regards

Dont forget to rate helpful posts

 

 

 

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni

‎09-11-2014 11:03 PM

HI Hai,

Best option Gues users is alwayes is Webauth just like Hotel.

If you have Radius server(ISE) then easily you can create username and password foo guest users and send by email/message or print.

Webauth config guide:http://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/

 

Regards

Dont forget to rate helpful posts

 

 

 

 

0 Helpful

Go to solution
Hai Dao Tuan
Level 1
Level 1
In response to Sandeep Choudhary

‎09-11-2014 11:49 PM

Hi Choudhary

Thank you much for your information

Could I reconfirm about my concern.

With Cisco WLC, I can use WebAuth with Guest user only

If I want to use Guest user for authentication when guests connect to SSID (not by WebAuth, I means use Layer 2 security only, not Layer 3), I will have to use additional Radius Server.

And if I understand right, could you please recommend me software based Radius Server with support generate one time username/password for Guest, because I checked IAS/NPS on windows server may not have this function (ISE is not appropriate for us at this time, due to high expense)

Regards

Hai

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to Hai Dao Tuan

‎09-12-2014 12:40 AM

Still I will not recommand to yout to use layer 2 security.

Best option is to use layer 3 webauth and provider guest credentials via ISE(Radius server).

 

Regards

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card