12-15-2008 07:00 AM - edited 07-03-2021 04:53 PM
Hi,
is there a possibility to use a single SSID for guest access using primarily Webauthentication and adding exception for certain ip addresses or URL's so that a connection to e.g. cisco.com or a VPN gateway can be established without authentication but everything else needs authentication? We are using 4402 controllers with sw version 5.1.151.0.
12-15-2008 01:53 PM
you should be able to use a pre-authentication ACL for this very task. iirc create an ACL in security then apply ACL in the web authetication.
12-16-2008 12:52 AM
i set up the follwoing ACL and applied it to the webauthentication preauthentication ACL:
(MUCWCO04) >show acl detailed "No authentication"
1 Out 192.168.11.0/255.255.255.0 213.70.140.107/255.255.255.255 Any 0-65535 0-65535 Any Permit 0
2 In 213.70.140.107/255.255.255.255 192.168.11.0/255.255.255.0 Any 0-65535 0-65535 Any Permit 0
DenyCounter : 2037
but if i try to ping 213.70.140.107 it's not working and i just see the deny counters increasing. As soon as i log in as guest user it's working fine. Is there anything wrong on the ACL?
01-05-2009 04:46 AM
i just mixed up inbound and outbound. It's working fine now.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: