Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2178
Views
0
Helpful
9
Replies

Anchor with multiple foreign controllers - webauth issues

PWJPW
Level 1
Level 1

‎05-02-2018 12:55 AM - edited ‎07-05-2021 08:34 AM

I have searched and found many similar topics but none relating to the exact question.

 

We have a customer who has five sites with a foreign controller per site and a single, central guest anchor.

Due to known limitations using a guest anchor solution with web auth (the external webauth redirect URL does not include the "ap_mac" because the anchor is not able to know the ap_mac!), we have to hard code the ap_mac on to the end of the external webauth URL), This is fine for a one-to-one foreign / anchor setup.

 

However, because we need to identify each site when it hits our external captive portal splash page,  this causes us a problem because the customer wants a single (same) SSID on each of the sites.

 

So, although its possible to have a WLAN with the same SSID on each foreign controller (as they are all separate), I need to have five WLANs with the same SSID on the guest anchor all with different external webauth URLs.

 

Then, on the guest anchor I can have five WLANs each with their own unique external webauth URL under the Layer 3 settings, like:

 

Site 1: https://my-portal.com/?ap_mac=aa-xx-xx-xx-xx-aa

Site 2: https://my-portal.com/?ap_mac=bb-xx-xx-xx-xx-bb

 

and so on. Hopefully this makes sense.

 

Would the VLAN select feature help here, so I can have the same SSID on all but someone map to a different WLAN when it reaches the anchor? Any other thoughts on how to achieve this?

 

Any help/thoughts would be much appreciated.

 

Thanks

 

James

 

Labels:
0 Helpful
9 Replies 9

Rasika Nayanajith
VIP
VIP

‎05-02-2018 01:03 PM

Hi James,

 

There is a feature called "foreign mapping", see if that helps in your scenario

https://mrncciew.com/2013/03/24/auto-anchor-foreign-mapping/

 

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

PWJPW
Level 1
Level 1
In response to Rasika Nayanajith

‎05-02-2018 01:14 PM - edited ‎05-02-2018 01:27 PM

Makes sense but the bit I am unsure about is how to have multiple WLAN profiles on the guest anchor and make each WLAN on the individual foreigns map to this particular WLAN so I run a webauth per foreign WLC if that explains. So basically:

 

Site 1 (foreign WLC):

WLAN SSID  = Guest

 

Site 2 (foreign WLC):

WLAN SSID  = Guest

 

Site 3 (foreign WLC):

WLAN SSID  = Guest

 

So the same SSID on all foreigns which are all mapped to the single guest anchor.

 

On the guest anchor, I want 3 different WLANs (with the same SSID) but all have different layer 3 web auth URLs and the like.

 

Is this doable with foreign mappings even though the SSIDs are the same?

 

 

Cheers

0 Helpful

PWJPW
Level 1
Level 1
In response to Rasika Nayanajith

‎05-04-2018 12:36 AM

Hi Rasika

Just hoping you can help with your expert knowledge of WLCs. It really is appreciated so I can move forward.

Thanks

James
0 Helpful

Rasika Nayanajith
VIP
VIP
In response to PWJPW

‎05-04-2018 02:27 AM

Hi James,

 

I do not think you can do that using WLCs itself. 

 

If you got CMX, there is a feature "Connect & Engage" where you can present different custom portal based on the AP location/site

 

HTH

Rasika

0 Helpful

PWJPW
Level 1
Level 1
In response to Rasika Nayanajith

‎05-04-2018 02:30 AM

Thanks for the reply. Even using CMX however, with guest anchor, the anchor controller loses the AP Name/MAC visibility over the mobility tunnel, so it doesn't really have anything unique to use as a site identifier?

Thanks
0 Helpful

Rasika Nayanajith
VIP
VIP
In response to PWJPW

‎05-04-2018 03:10 AM

With CMX, you will get AP location/site information via Prime. So if you want to present different custom portal based on where users connect, you can do that.

 

See below "Connect & Engage" page where you can assign different portal based on  campus/ building/ floor/ zone information. See below labminute video to see how you can do it.

http://www.labminutes.com/rs0112_prime_31_cmx_10_2_connect_engage_2

CMX-Connect.png

 

Not sure, if it helps in your scenario, may worth to explore it further.

 

HTH

Rasika

*** Pls rate all useful responses ***

0 Helpful

PWJPW
Level 1
Level 1
In response to Rasika Nayanajith

‎05-11-2018 12:58 AM

Thanks. The customers don't use Prime/CMX so I need to see if there is a way to do this another way.

Does the WLAN have to be configured exactly the same on both foreign and guest for it to work?

For example, if I have 3 foreign controllers (one per site) and a single anchor controller, with the same WLAN (and SSID) configured on each foreign, could I have 3 different WLANs on the anchor and get them to map to one of these based on a VLAN id or interface etc? Or does it always have to match the same (single) WLAN profile?

Thanks
0 Helpful

Rasika Nayanajith
VIP
VIP
In response to PWJPW

‎05-11-2018 02:43 AM

You need to have same WLAN name on anchor controller (you can have different WLAN ID in foreign & anchor)

 

HTH

Rasika

0 Helpful

PWJPW
Level 1
Level 1
In response to Rasika Nayanajith

‎05-11-2018 02:55 AM

Understood, so no way to have multiple WLANs at all on the anchor (one per foreign)?

 

In fact, I don't really need different WLAN's, what I need is a different layer 3 external webauth URL per foreign. Any other suggestions?

 

Thank you

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card