cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
658
Views
0
Helpful
9
Replies
Highlighted
Beginner

Anchor with multiple foreign controllers - webauth issues

I have searched and found many similar topics but none relating to the exact question.

 

We have a customer who has five sites with a foreign controller per site and a single, central guest anchor.

Due to known limitations using a guest anchor solution with web auth (the external webauth redirect URL does not include the "ap_mac" because the anchor is not able to know the ap_mac!), we have to hard code the ap_mac on to the end of the external webauth URL), This is fine for a one-to-one foreign / anchor setup.

 

However, because we need to identify each site when it hits our external captive portal splash page,  this causes us a problem because the customer wants a single (same) SSID on each of the sites.

 

So, although its possible to have a WLAN with the same SSID on each foreign controller (as they are all separate), I need to have five WLANs with the same SSID on the guest anchor all with different external webauth URLs.

 

Then, on the guest anchor I can have five WLANs each with their own unique external webauth URL under the Layer 3 settings, like:

 

Site 1: https://my-portal.com/?ap_mac=aa-xx-xx-xx-xx-aa

Site 2: https://my-portal.com/?ap_mac=bb-xx-xx-xx-xx-bb

 

and so on. Hopefully this makes sense.

 

Would the VLAN select feature help here, so I can have the same SSID on all but someone map to a different WLAN when it reaches the anchor? Any other thoughts on how to achieve this?

 

Any help/thoughts would be much appreciated.

 

Thanks

 

James

 

Everyone's tags (7)
9 REPLIES 9
VIP Mentor

Re: Anchor with multiple foreign controllers - webauth issues

Hi James,

 

There is a feature called "foreign mapping", see if that helps in your scenario

https://mrncciew.com/2013/03/24/auto-anchor-foreign-mapping/

 

HTH

Rasika

*** Pls rate all useful responses ***

Beginner

Re: Anchor with multiple foreign controllers - webauth issues

Makes sense but the bit I am unsure about is how to have multiple WLAN profiles on the guest anchor and make each WLAN on the individual foreigns map to this particular WLAN so I run a webauth per foreign WLC if that explains. So basically:

 

Site 1 (foreign WLC):

WLAN SSID  = Guest

 

Site 2 (foreign WLC):

WLAN SSID  = Guest

 

Site 3 (foreign WLC):

WLAN SSID  = Guest

 

So the same SSID on all foreigns which are all mapped to the single guest anchor.

 

On the guest anchor, I want 3 different WLANs (with the same SSID) but all have different layer 3 web auth URLs and the like.

 

Is this doable with foreign mappings even though the SSIDs are the same?

 

 

Cheers

Beginner

Re: Anchor with multiple foreign controllers - webauth issues

Hi Rasika

Just hoping you can help with your expert knowledge of WLCs. It really is appreciated so I can move forward.

Thanks

James
VIP Mentor

Re: Anchor with multiple foreign controllers - webauth issues

Hi James,

 

I do not think you can do that using WLCs itself. 

 

If you got CMX, there is a feature "Connect & Engage" where you can present different custom portal based on the AP location/site

 

HTH

Rasika

Beginner

Re: Anchor with multiple foreign controllers - webauth issues

Thanks for the reply. Even using CMX however, with guest anchor, the anchor controller loses the AP Name/MAC visibility over the mobility tunnel, so it doesn't really have anything unique to use as a site identifier?

Thanks
VIP Mentor

Re: Anchor with multiple foreign controllers - webauth issues

With CMX, you will get AP location/site information via Prime. So if you want to present different custom portal based on where users connect, you can do that.

 

See below "Connect & Engage" page where you can assign different portal based on  campus/ building/ floor/ zone information. See below labminute video to see how you can do it.

http://www.labminutes.com/rs0112_prime_31_cmx_10_2_connect_engage_2

CMX-Connect.png

 

Not sure, if it helps in your scenario, may worth to explore it further.

 

HTH

Rasika

*** Pls rate all useful responses ***

Beginner

Re: Anchor with multiple foreign controllers - webauth issues

Thanks. The customers don't use Prime/CMX so I need to see if there is a way to do this another way.

Does the WLAN have to be configured exactly the same on both foreign and guest for it to work?

For example, if I have 3 foreign controllers (one per site) and a single anchor controller, with the same WLAN (and SSID) configured on each foreign, could I have 3 different WLANs on the anchor and get them to map to one of these based on a VLAN id or interface etc? Or does it always have to match the same (single) WLAN profile?

Thanks
VIP Mentor

Re: Anchor with multiple foreign controllers - webauth issues

You need to have same WLAN name on anchor controller (you can have different WLAN ID in foreign & anchor)

 

HTH

Rasika

Beginner

Re: Anchor with multiple foreign controllers - webauth issues

Understood, so no way to have multiple WLANs at all on the anchor (one per foreign)?

 

In fact, I don't really need different WLAN's, what I need is a different layer 3 external webauth URL per foreign. Any other suggestions?

 

Thank you

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards