Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

New Guest wireless questions

Hi all.

We curently have a corporate WiSM estate that anchors a guest wireless network to a 4402 controller sat within a DMZ.  This then uses a custom web bundle for local user authentication, the users which are added by any receptionists at either of two sites.

What is being proposed now, which I could be right in thinking is impossible due to the porposal interfering with our current guest setup, is that an additional internal custom page be added for a different SSID (am I right in thinking that the controller can only use one internal web authentication page?) and have users authenticating using a RADIUS authentication instead of local users.  This, without interfering with the existing local user authentication policy on the original guest wireless.

Then there is the suggestion of having users get IP addresses on different subnets on a per site basis for audit purposes.  I understand AP Group VLANs can do this (we currently have this on our 3 centralised WiSMs), but as no access points associate to the anchor controller itself, any AP group VLANs would sit there redundantly, right?  It was suggested to have differernt VLANs per site, but our current guest setup is a blanket subnet for the entirity of the WLAN and is the way I had envisioned this new SSID to be configured.

AP Group VLANs where they would be negated, different Web Authentication policy for different SSIDs and then the authentication itself being handled by a new RADIUS server instead of the local user policy currently in place for an existing SSID... HELP!!!


Re: New Guest wireless questions

Later code, 5.2 and beyond, allow for 21 different custom web pages.  16 for Wireless guests and 5 for Wired guest access.  So that part is easy enough, you just create the pages you want put them all in the same tarball, and then per WLAN you are able to go in and override the global config and select the page you want those users to see.

  For your other thought, you would need to use different WLAN per site if you need to have different VLANs.

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
CreatePlease to create content