Why is Web Page Auth on MAC Filter Failure not working on Anchor Controller?
I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth.
I can get MAC auth working by iteself, but not with the Layer 3 option selected for web page auth on mac filter failure.
I know I can get around this by just creating two separate SSIDs. But the business is used to just having the one SSID for all guest traffic.
Is this a known limitation when anchoring SSIDs to controllers in the DMZ ?
Re: Why is Web Page Auth on MAC Filter Failure not working on An
Documentation bug makes me apprehensive about a proper fix. Will Cisco fix the bug so that this feature works across mobility anchors? Or will they s l e a z e it out and simply update the documentation to say it doesn't work?
Why is Web Page Auth on MAC Filter Failure not working on Anchor
7.2 will not run on the 4400 series WLC.
Only the Documentation will be updated for the 7.0.
Be aware that as it stands the "on MAC failure" feature has more limitations. With the current code the selection of the "on MAC failure" is exclusive to the other options within the Web Policy. For example: You cannot have the client "pass-though" on MAC failure. Feature request CSCtw73512 is opened for this - it is not scheduled for any release yet.
Aparently this feature was added for one specific customer to solve one specific need.
IMHO although this feature is potentally extremly useful - in its current form it should not have been made available in the gereral public release.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...