Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
962
Views
5
Helpful
6
Replies

Web authentication across multiple WLCs

James Smith
Level 1
Level 1

‎08-13-2013 05:25 AM - edited ‎07-04-2021 12:38 AM

G'day All,

I've got a simple wireless deployment where there are 2 active WLCs to load balance AP count between the 2. I need to create a simple guest network, so the web auth and lobby ambassador setup is the go, but I am not sure how to only have the one web-auth and lobby ambassador setup working across the 2 WLCs. Obviously a single WLC is straight forward, but it is possible to have a single instance of the web-auth working across the 2 active controllers. I don't want to have to create guest accounts on both WLCs.

Thanks and all help is always greatly appreciated guys.

Ta.

JS.

Labels:
0 Helpful
6 Replies 6

Marco Gonzalez
Level 1
Level 1

‎08-13-2013 06:27 AM

Sure this can be done,

On this setup, you are sending all the information from the clients connected to the WLANs that are being anchored to the anchor controller and then you put this traffic on the network so, the authentication process will take place on the anchor controller; this means that the data base that you are going to use for authentication (the local user list in this case) has to be located on the anchor side. So, since Loby Ambassador is just going to add entries to the controlle's database you just need to have the Loby Ambassador setup on the anchor side.

If you have questions just let me know

Best regards,

Marco Gonzalez

Cisco TAC TL

James Smith
Level 1
Level 1
In response to Marco Gonzalez

‎08-13-2013 05:33 PM

Thanks Marco, and thanks for the prompt response.

So it is just a simple guest anchor setup. I have done this previously with the anchor in a dmz, but the anchor did not have any APs registered to it.

So I understand the mobility anchoring of the WLAN on 'foreign' wlc to the anchor,  and the local anchoring of the WLAN on the anchor WLC, but if the anchor also has APs registered to it, is there anything that needs to be configured??

Thanks

JS

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame

‎08-13-2013 08:03 PM

It's not a normal setup, but you can always anchor an ssid to one wlc if you want. No other special configurations at all. Treat the guests said like how you would a dmz wlc even though it will also have APs.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

James Smith
Level 1
Level 1
In response to Scott Fella

‎08-18-2013 05:42 PM

Thanks for the reply Scott.

I should have this deployed in the next week or so, so I'll try to report back with my experience.

Just for my knowledge, when you say it isn't a normal set up for a guest anchoring, are you able to give me a run down on what a normal setup should look like.

Thanks

JS

0 Helpful

Scott Fella
Hall of Fame
Hall of Fame
In response to James Smith

‎08-19-2013 01:59 PM

Well, typically if you want a single location for guest, you would have a dedicated wlc in the dmz and tunnel traffic from your internal wcs to the guest dmz wlc. Depending on how many guest you will have, you can use a 2504 running v7.4 or later or a 5508-12.

Here is a link

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch10GuAc.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
0 Helpful

Abhishek Abhishek
Cisco Employee
Cisco Employee

‎08-19-2013 01:40 PM

Hello,

As per your query i can suggest  you the following solution-

Yes, this is possible to have a single instance of the web-auth working across the 2 active controllers

Hope this will help you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card