Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3215
Views
0
Helpful
6
Replies

Cisco WLC Whitelist for Guest Access? and securing guest-access?

Go to solution
mberrington
Level 1
Level 1

‎08-19-2011 04:57 AM - edited ‎07-03-2021 08:36 PM

Is it possible to allow certain websites to bypass the web authentication pages, so that they do not need to autnehticate to get to our own website, but do have to if they wish to go anywhere else?

Looking at a 5508 model at the moment

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎08-19-2011 06:46 AM

You can create an ACL, then apply that to the WLAN as a Pre-Authentication ACL.  This is there to allow temporary acccess, with the need for authentication.

But at some point, the client will/should authenticate if they are going to be on the WLAN for an extended period of time.

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Stephen Rodriguez
Cisco Employee
Cisco Employee

‎08-19-2011 06:46 AM

You can create an ACL, then apply that to the WLAN as a Pre-Authentication ACL.  This is there to allow temporary acccess, with the need for authentication.

But at some point, the client will/should authenticate if they are going to be on the WLAN for an extended period of time.

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
0 Helpful

Go to solution
mberrington
Level 1
Level 1
In response to Stephen Rodriguez

‎08-19-2011 07:12 AM

Thank you, it was the name which was loosing me.

Many Thanks!

0 Helpful

Go to solution
shasanain
Level 1
Level 1
In response to Stephen Rodriguez

‎08-22-2011 07:21 PM

I am having a similar concern. We want to allow the guest user to access a portal website prior to being authenticated. As I understand, we must create a pre-auth ACL to allow DHCP, DNS, also we have to allow http to the portal IP addresses.

From your answer above, what do you need by an extended period of time? Which timer is this and what will happen if the user keeps browsing the portal without authenticating?

0 Helpful

Go to solution
chris_slaterwalker
Level 1
Level 1

‎07-19-2012 01:59 AM

Hello Stephen,

Exactly how long is "an extended period of time?" Also, is this period enforced in the controller in some way, and if so, can it be configured?

I'm asking because I have a WLAN for guests with a pre-authentication ACL allowing VPN traffic (ESP, IKE, SSL).

For "normal" use of this guest WLAN you have to click on an "accept" button on a captive portal page before you can get anywhere with traffic not matching the pre-auth ACL.

The pre-auth ACL does actually work, but it stops passing any traffic after 5 minutes of use per user. This happens every time and is 100% repeatable.

So I'm very interested to know if we can change this apparent 5 minute restriction in some way.

Thanks!

Chris Slater-Walker

Senior System Analyst

Nokia UK Ltd.

0 Helpful

Go to solution
aflbakker
Level 1
Level 1
In response to chris_slaterwalker

‎02-06-2014 12:25 AM

Has this issue ever been resolved? It looks like I'm experencing the same issues.

Grtz.

0 Helpful

Go to solution
Sandeep Choudhary
VIP Alumni
VIP Alumni
In response to aflbakker

‎02-06-2014 12:28 AM

HI,

Can you create a new thread with problem description.

Reagrds

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card