Cisco Support Community

Local Guest Breakout

Hi Cisco Support Community,

 

I have a question regarding local guest breakout scenario.

Hope this hasn't been discussed a thousand times before.

I am currently facing the following scenario.

The current guest access is solved by using the HQ Controller as the Anchor for the Guest SSID at the Branch offices.

The guest vouchers will be created at the Prime LobbyAmbassador web interface and will be rolled out at the HQ Controller since it acts as the guest anchor for the SSID and provides the captive portal.

Now the plan is to minimize the guest load traffic over the WAN.

Therefore we would like to break out the guest traffic locally at each branch office.

1) I thought about connecting one port of each branch controller to the local internet breakout firewall.

2) Then disabling the anchoring for the guest SSID.

3) Does this mean the captive portal webpage has to be installed on each of the branch controllers?

4) Does this also mean that the redirect to the captive portal 1.1.1.1 will be heading to the local captive portal for each location?

5) Do I also have to install a certificate for each controller to prevent the users from getting SSL errors every time?

6) The lobby ambassador should roll out the guest user on all controllers, or do I have to configure a lobby ambassador user for every controller?

 

Or do you guys have alternative ideas to realize a local breakout scenario for the guest SSID?

Many thanks for your support.

Greetings

WiFi_Newbie

2 REPLIES

Let me try to answer your questions:

1) I thought about connecting one port of each branch controller to the local internet breakout firewall.

> You can do that, and since you want the guest to egress at each location, you configure it similar to how your WLC is set up at your HQ.

2) Then disabling the anchoring for the guest SSID.

> You would need to disable anchoring for that SSID

3) Does this mean the captive portal webpage has to be installed on each of the branch controllers?

> Yes it does

4) Does this also mean that the redirect to the captive portal 1.1.1.1 will be heading to the local captive portal for each location?

> This doesn't matter, you can keep it the same. You will need to upload the certificate if you are using one, but that's about it.

5) Do I also have to install a certificate for each controller to prevent the users from getting SSL errors every time?

> Yes you do, since the WLC will be hosting the splash page

6) The lobby ambassador should roll out the guest user on all controllers, or do I have to configure a lobby ambassador user for every controller?

> This is up to you... if users will go to the other sites, then yes, or else you just need to enroll a user to a defined site.

-Scott

Hey Scott,

thank you for the quick response to this discussion.

I would just like to inform you that I will try to set up this solution at the customer's site.

I will keep you informed about my results.

Thanks for your support in advance.

 

Greetings

WiFi_Newbie
