configure exceptions from Webauthentication

amadeus · ‎12-15-2008

Hi,

is there a possibility to use a single SSID for guest access using primarily Webauthentication and adding exception for certain ip addresses or URL's so that a connection to e.g. cisco.com or a VPN gateway can be established without authentication but everything else needs authentication? We are using 4402 controllers with sw version 5.1.151.0.

p.blakeway · ‎12-15-2008

you should be able to use a pre-authentication ACL for this very task. iirc create an ACL in security then apply ACL in the web authetication.

amadeus · ‎12-16-2008

i set up the follwoing ACL and applied it to the webauthentication preauthentication ACL:

(MUCWCO04) >show acl detailed "No authentication"

1 Out 192.168.11.0/255.255.255.0 213.70.140.107/255.255.255.255 Any 0-65535 0-65535 Any Permit 0

2 In 213.70.140.107/255.255.255.255 192.168.11.0/255.255.255.0 Any 0-65535 0-65535 Any Permit 0

DenyCounter : 2037

but if i try to ping 213.70.140.107 it's not working and i just see the deny counters increasing. As soon as i log in as guest user it's working fine. Is there anything wrong on the ACL?

amadeus · ‎01-05-2009

i just mixed up inbound and outbound. It's working fine now.