We have a WLC 4404 with version 220.127.116.11 of the firmware/software.
We use it to control the wireless network on our campus. We basically have 2 WLANs defined: one authenticated (using RADIUS [AAA]) and one not authenticated, which is only turned on when needed (when we host some event).
At the moment both these WLANs use the same address space; we will hopefully split it soon, since that is better from a security point of view.
I would like to create an 'externalacl' for our squid proxy (script/program) that when handed an IP address can go to the WLC and find out what username was used to authenticate.
Does the WLC provide any interface to this information?
We also have an NCS so if it provides the interface that is also fine....
The other option I see is getting the information from the RADIUS server that the WLC uses. The only problem with that is that the WLC does not send Logout messages to the RADIUS server (or the RADIUS server doesn't interpret them properly/something wasn't set up correctly).
This would result in a user on the unauthenticated WLAN that got the same IP as an authenticated user got earlier being treated like the authenticated user by squid (since radius still has an entry saying Login on IP by user).
There is no integration without having to look for yourself per se.
Why not exclude the upper address on your DHCP scope you currently use? Then on the guest SSID you can use the internal DHCP on the WLC. You just need to use DHCP override and use the management IP address of the WLC. This way you can create an externalACL since you know what the IP address range will be. Make sense?
Sent from Cisco Technical Support iPhone App
*****Help out others by using the rating system and marking answered questions as "Answered"*****
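A sketch of the squid external ACL helper discussed in this thread, written as an added example that is not part of either post. It combines the reply's separate guest range with a username lookup, so a stale RADIUS login record can never promote a guest address. The address ranges, the `SESSIONS` table (a stand-in for whatever the RADIUS accounting data provides) and the helper path are assumptions.

```python
#!/usr/bin/env python3
"""Squid external ACL helper: map a client IP to an authenticated username.

squid.conf wiring (the helper path is hypothetical):
    external_acl_type wlan_user %SRC /usr/local/bin/wlan_user.py
    acl authed_wlan external wlan_user
"""
import ipaddress
import sys
from urllib.parse import quote

# Assumed addressing: the upper /24 of the campus scope is excluded from the
# normal DHCP server and handed out to guests by the WLC's internal DHCP.
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")
GUEST_NET = ipaddress.ip_network("10.20.255.0/24")

# Constructed sample data standing in for a RADIUS accounting lookup.
# The second entry is a stale login on an address that is now in the guest range.
SESSIONS = {"10.20.1.15": "alice", "10.20.255.40": "bob"}


def decide(line, sessions):
    """Return the helper reply ("OK user=<name>" or "ERR") for one request line."""
    fields = line.split()
    if not fields:
        return "ERR"
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return "ERR"                      # malformed input fails closed
    if ip in GUEST_NET or ip not in CAMPUS_NET:
        return "ERR"                      # guest range is checked before any lookup
    user = sessions.get(str(ip))
    if user is None:
        return "ERR"                      # no login record for this address
    return "OK user=" + quote(user)       # percent-encode so the reply stays one token


def main():
    # Squid keeps the helper running and sends one request per line on stdin.
    for request in sys.stdin:
        sys.stdout.write(decide(request, SESSIONS) + "\n")
        sys.stdout.flush()                # squid waits for each reply


if __name__ == "__main__":
    main()
```
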