Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
806
Views
0
Helpful
2
Replies

Flex Connect Central Auth Local Sw+WiredGuest+802.1x by the WAN

ivan.martin
Level 1
Level 1

‎08-22-2013 08:40 AM - edited ‎03-10-2019 08:48 PM

Hello my name is Ivan

I would like to authenticate users guest using wired guest through of my wireless network.

I have a deployment using flex connect in all my sites remotes. My wlc is in a site A and I try to authenticate users in a site B using wired guest.

From the guest user in the site B, he needs to see the web authentication portal (of the WLC) in the vlan guest. After the user will put the credentials of the local database of the Cisco WLC (Lobby Ambassador) to his authenticate

Flex Connect is using Central Authentication Local Switching. The vlan guest to the wired guest is the same to the wireless guest user. This vlan can not pass the wan network

Is possible to do it?

the configuration in the port of the switch is

dot1x guest-vlan supplicant

!

interface gig 0/A

switchport access vlan 50

switchport mode access

switchport voice vlan 40

ip access-group ACL-AUTENTICACION in

authentication event action fail action next-method

authentication event no-response action authorize vlan (vlan guest)

authentication host-mode multi-domain

authentication order mab dot1x webauth

authentication priority dot1x mab webauth

authentication port-control auto

authentication violation protect

mab

dot1x pae authenticator

dot1x timeout tx-period 10

spanning-tree portfast

spanning-tree bpduguard enable

!

Please could you help me.

Thanks

Ivan.

Scenary

Site A     ---------- WAN------------   Site B

Cisco WLC         FlexConnect     AP+Switch2960S+WiredGuest

WiredGuest --- must use Portal Web Authentication of the WLC

Labels:
0 Helpful
2 Replies 2

Amjad Abdullah
VIP Alumni
VIP Alumni

‎08-26-2013 12:49 AM

Hello Ivan,

I don't unfortunately have the time to look into your issue. but I just logged in to tell you that it is better to move your request to the wireless forums. I am sure they'll help you better there.

You can move your post from the right pane.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
0 Helpful

blenka
Level 3
Level 3

‎08-27-2013 12:34 PM

Wired or Wireless

You must indicate whether you want to support wired or wireless connections, or both. If you are using a Cisco ISE Wireless License, the wired option is unavailable. These choices impact the policies that Cisco ISE creates, and also dictate other required responses. For example, if you choose wired, you can also indicate whether your network supports IP phones.

You must also indicate whether or not the wired connections are monitored or if network access must be enforced based on compliance:

Monitor generates non-compliance logs and reports, but does not require that users or devices comply with the defined policies.

In monitoring mode, posture and guest policies are ignored. If you support wired connections in monitoring mode, the Setup Assistant disables the guest and posture choices on the next page to prevent unauthorized computer and guest access.

If you support wired and wireless connections, you can enable the guest and posture features, but they will apply only to the wireless connections. The wireless connections always run in enforcement mode.

Enforce requires compliance with the defined policies.

0 Helpful
Customers Also Viewed These Support Documents