cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

297
Views
4
Helpful
2
Replies
Highlighted
Beginner

webauth - private IP to public IP

I'm looking for a solution/advice to our webauth WLAN. When a user connects, I want them to get a private IP. Once they hit the authentication page and logon, I want them to get a public IP. I have a lot of devices connected to the WLAN, but they're not authenticated. They're just occupying space in the dhcp pool.

I've been thinking about doing this with ACS, but wanted to know if there's any other alternatives.

Any input would be appreciated.

Sent from Cisco Technical Support iPad App

2 REPLIES 2
Cisco Employee

webauth - private IP to public IP

Making one thing clear : if you want to change the ip address of the client, you're on the wrong track.

WLC webauth requires the client to already have an ip address. So you cannot change the client ip after he authenticated, otherwise he'll have to reauthenticate again.

How about natting ? I'm no natting expert, but wireless client traffic will only hit the network once they authenticated so then maybe you could do some dynamic natting to a public ip ?

Last thing : the behavior you are looking for might be offered by NAC where the client will start in a "untrusted" vlan which can only do webauth on clean access (not on the WLC due to the ip issue of point 1) and move to a trusted vlan after that.

Beginner

Re: webauth - private IP to public IP

That clears things up. I knew you could do it with 802.1x, makes sense because you don't get an IP til after your credentials are verified. With webauth, was wondering how you could do it without kicking the client offline.

I'll get with our cisco rep about the NAC. Was wondering if it could do something similar to what I want.

NATing is our very last option. Tracking out RIAA tickets via NAT is a bit of a struggle. I've thought about getting the NAC/ISE profiler and putting smartphones/idevices on privates and NATing those. As there less susceptible to viruses and infringements.

Thanks for the info.

Sent from Cisco Technical Support iPad App

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards