Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

configure exceptions from Webauthentication

Hi,

is there a possibility to use a single SSID for guest access using primarily Webauthentication and adding exception for certain ip addresses or URL's so that a connection to e.g. cisco.com or a VPN gateway can be established without authentication but everything else needs authentication? We are using 4402 controllers with sw version 5.1.151.0.

3 REPLIES
New Member

Re: configure exceptions from Webauthentication

you should be able to use a pre-authentication ACL for this very task. iirc create an ACL in security then apply ACL in the web authetication.

New Member

Re: configure exceptions from Webauthentication

i set up the follwoing ACL and applied it to the webauthentication preauthentication ACL:

(MUCWCO04) >show acl detailed "No authentication"

1 Out 192.168.11.0/255.255.255.0 213.70.140.107/255.255.255.255 Any 0-65535 0-65535 Any Permit 0

2 In 213.70.140.107/255.255.255.255 192.168.11.0/255.255.255.0 Any 0-65535 0-65535 Any Permit 0

DenyCounter : 2037

but if i try to ping 213.70.140.107 it's not working and i just see the deny counters increasing. As soon as i log in as guest user it's working fine. Is there anything wrong on the ACL?

New Member

Re: configure exceptions from Webauthentication

i just mixed up inbound and outbound. It's working fine now.

143
Views
0
Helpful
3
Replies
CreatePlease to create content