09-17-2012 04:12 PM - edited 07-03-2021 10:41 PM
Is it possible to rename the default webauthentication URL from https://1.1.1.1/login.html to something like https://wlc/login.html. We are running on
7.0.98.0, is it possible to do http for web authentication and https for Mgmt access if we upgrade the controller software?
We configured our guest wireless with no layer 2 authetication so users can associate with an AP and get an ip adress but they can't go anywhere unless they have a valid username and password(web authentication) - does this affect the performance of an AP since there will be many people associated with each AP, is there any setting in the WLC to de associate a client from an AP if its idle for certain time.
Thanks
Siddhartha
Solved! Go to Solution.
09-17-2012 04:44 PM
Hi,
No, by changing the 1.1.1.1 to a wlc/login.html opens you to a host of other issues. Is there a reason why you would want to do this?
If you upgrade to 7.2 code, it supports HTTPS on management and http for web. 7.0 doesnt support this.
No, the client will associate to the ap, grab and IP address and just sit there until either the controller kicks him off or the client walks away. No there is no setting that you can change without impacting something else. Again, not an issue.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
09-18-2012 01:04 AM
Like George mentioned, that can't be changed in the wlc. The thing is, I believe if you have a trusted certificate and you also have a reverse lookup in dns that it will actually show the dns entry instead of the VIP address.
Sent from Cisco Technical Support iPhone App
09-18-2012 07:39 AM
haha... well this is a question that everyone is asking. What you will see in the forum is that the Cisco recommended is 25 per AP. Now it varies on your applications and throughput required. Web and html only, you can have 50+. Video or huge uploads or downloads, you can have maybe around 4. Your gigabit or 10/100 port is your bottleneck, so you can decide how much oversubscribing you want.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
09-18-2012 08:51 AM
Hi Sid
You can limit what SSIDs are broadcast by an AP by creating the AP groups and assigning SSID you want for that group. For example the APs in the warehouse and office can be in separate AP groups and only the APs in the office will have the Guest SSID. To avoid unathorized Guest clients using up the dhcp scope, I suggest that you set the dhcp lease time to 30mins or less. However, on the guest SSID, the session timeout can be increased for authenticated guests, so that they do not keep logging back in after 30mins.
09-18-2012 09:02 AM
Here is a note:
The bandwidth contract feature is enhanced so that rate limits can be defined on both upstream and downstream traffic. Rate limits can be defined per SSID and/or specified as a maximum rate limit for all clients. These rate limits can be individually configured. This feature is supported on AP1140, AP1040, AP3500, AP3600, AP1250, and AP1260. In centrally switched WLANs, the downstream traffic is rate limited by the controller and the upstream is rate limited by the APs. In local switched WLANs, both upstream and downstream are traffic are rate limited by the APs.
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn73.html
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
09-17-2012 04:44 PM
Hi,
No, by changing the 1.1.1.1 to a wlc/login.html opens you to a host of other issues. Is there a reason why you would want to do this?
If you upgrade to 7.2 code, it supports HTTPS on management and http for web. 7.0 doesnt support this.
No, the client will associate to the ap, grab and IP address and just sit there until either the controller kicks him off or the client walks away. No there is no setting that you can change without impacting something else. Again, not an issue.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
09-18-2012 01:04 AM
Like George mentioned, that can't be changed in the wlc. The thing is, I believe if you have a trusted certificate and you also have a reverse lookup in dns that it will actually show the dns entry instead of the VIP address.
Sent from Cisco Technical Support iPhone App
09-18-2012 07:35 AM
Thanks George and Scott.
"No, by changing the 1.1.1.1 to a wlc/login.html opens you to a host of other issues. Is there a reason why you would want to do this?"
No special reason, just trying to find out.
"I believe if you have a trusted certificate and you also have a reverse lookup in dns that it will actually show the dns entry instead of the VIP address."
unfortunately using internal DNS servers is not an option for us. We are pointing all the guest users to public DNS server and can't access any of the internal resources (DNS or DHCP- controller is acting as a DHCP server for guests)
How many clients can associate with an access point whithout impacting its performance, is there a limit.
Siddhartha
09-18-2012 07:39 AM
haha... well this is a question that everyone is asking. What you will see in the forum is that the Cisco recommended is 25 per AP. Now it varies on your applications and throughput required. Web and html only, you can have 50+. Video or huge uploads or downloads, you can have maybe around 4. Your gigabit or 10/100 port is your bottleneck, so you can decide how much oversubscribing you want.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
09-18-2012 07:45 AM
Thanks Scott, in our case the clients will associate with the access point and get an ip address but can't do anything unless they have a valid username and password(web auth).So for example there are 100 clients associated with an AP on Guest SSID but sitting idle since they don't have a valid username and password does this affect the lagitimate users on the other SSIDs?
and also is it possible to brodacst an SSID (Guest) through the access points at one lacation (office) and not through the APs at a different location (Warehouse), can we do this through WLC.
Siddhartha
09-18-2012 08:51 AM
Hi Sid
You can limit what SSIDs are broadcast by an AP by creating the AP groups and assigning SSID you want for that group. For example the APs in the warehouse and office can be in separate AP groups and only the APs in the office will have the Guest SSID. To avoid unathorized Guest clients using up the dhcp scope, I suggest that you set the dhcp lease time to 30mins or less. However, on the guest SSID, the session timeout can be increased for authenticated guests, so that they do not keep logging back in after 30mins.
09-18-2012 09:00 AM
Osita is correct. The other thing you can do is set the QoS bandwidth policy to set the max downstream for guest. In 7.3 you can set both.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
09-18-2012 09:02 AM
Here is a note:
The bandwidth contract feature is enhanced so that rate limits can be defined on both upstream and downstream traffic. Rate limits can be defined per SSID and/or specified as a maximum rate limit for all clients. These rate limits can be individually configured. This feature is supported on AP1140, AP1040, AP3500, AP3600, AP1250, and AP1260. In centrally switched WLANs, the downstream traffic is rate limited by the controller and the upstream is rate limited by the APs. In local switched WLANs, both upstream and downstream are traffic are rate limited by the APs.
http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn73.html
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
09-20-2012 10:51 AM
Thasnk Osita and Scott.
I didn't know about the bandwidth contract feature, will check it out.
Siddhartha
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide