https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216995#M277095 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1126219">@nickydd9</a>&nbsp;</P> <P>For external guest portal you need Access List in order to redirect, This could be possible by adding one line on the ACL for the printer. This way the redirect wouldn´t happen. </P> <P>Now, internal web portal, I dont believe is possible. I believe the second alternative is the one to follow.</P> <P>&nbsp;</P> Tue, 29 Oct 2024 19:03:20 GMT Flavio Miranda 2024-10-29T19:03:20Z https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216986#M277091 <P>I am running a Catalyst 9800 WLC on 17.12.3 and have an SSID currently setup and working for local web authentication. When users attempt to connect, they are presented with the web auth portal and must enter the username and password of the guest account we have created for them to connect.&nbsp;</P><P>I have a potential requirement of adding a non-standard device to this SSID wirelessly which is a printer. The printer won't be able to access the web auth portal GUI to enter any credentials, so I was wondering if there is a method to whitelist one specific client to bypass the local web authentication and connect to the SSID. Perhaps a MAC address bypass?&nbsp;</P><P>My other solution would be to have a separate SSID for this with MAC filtering enabled that maps to the same VLAN as the existing SSID, but I'd rather not broadcast a new SSID if I don't have to.&nbsp;</P> Tue, 29 Oct 2024 18:37:06 GMT https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216986#M277091 nickydd9 2024-10-29T18:37:06Z https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216988#M277093 <P>If you using ISE or Radius, you can use MAB for this kind of requirement, yes you can also consider other SSID if you like for the different IP address VLAN to segment the Printers.</P> <P>example :</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213922-configure-mac-authentication-ssid-on-cis.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213922-configure-mac-authentication-ssid-on-cis.html</A></P> <P>&nbsp;</P> Tue, 29 Oct 2024 18:40:04 GMT https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216988#M277093 balaji.bandi 2024-10-29T18:40:04Z https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216991#M277094 <P>I am not using ISE, so is a second SSID with MAC filtering my only option?</P> Tue, 29 Oct 2024 18:45:08 GMT https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216991#M277094 nickydd9 2024-10-29T18:45:08Z https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216995#M277095 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1126219">@nickydd9</a>&nbsp;</P> <P>For external guest portal you need Access List in order to redirect, This could be possible by adding one line on the ACL for the printer. This way the redirect wouldn´t happen. </P> <P>Now, internal web portal, I dont believe is possible. I believe the second alternative is the one to follow.</P> <P>&nbsp;</P> Tue, 29 Oct 2024 19:03:20 GMT https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5216995#M277095 Flavio Miranda 2024-10-29T19:03:20Z https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5217112#M277109 <P>Given Local WebAuth your best option would be seperate SSID for the printer</P> Wed, 30 Oct 2024 02:38:15 GMT https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5217112#M277109 Haydn Andrews 2024-10-30T02:38:15Z https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5217202#M277116 <P>Different SSID -&nbsp; May&nbsp; be explore option MAC filtering :</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/config-guide/b_wl_17_3_cg/m_mab_auth_bypass.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/config-guide/b_wl_17_3_cg/m_mab_auth_bypass.html</A></P> Wed, 30 Oct 2024 08:09:17 GMT https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5217202#M277116 balaji.bandi 2024-10-30T08:09:17Z https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5217210#M277118 <P><SPAN>As&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/178747">@Flavio Miranda</a>&nbsp; mention you can create a access-list and&nbsp; separate SSID</SPAN><SPAN>&nbsp; with mac filtering for printer.</SPAN></P><P><SPAN>*** Please rate helpful posts ***</SPAN></P> Wed, 30 Oct 2024 08:31:17 GMT https://community.cisco.com/t5/wireless/whitelist-a-single-client-to-bypass-local-web-authentication/m-p/5217210#M277118 srimal99 2024-10-30T08:31:17Z