cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

514
Views
5
Helpful
6
Replies
Highlighted
Beginner

Web authentication across multiple WLCs

G'day All,

I've got a simple wireless deployment where there are 2 active WLCs to load balance AP count between the 2. I need to create a simple guest network, so the web auth and lobby ambassador setup is the go, but I am not sure how to only have the one web-auth and lobby ambassador setup working across the 2 WLCs. Obviously a single WLC is straight forward, but it is possible to have a single instance of the web-auth working across the 2 active controllers. I don't want to have to create guest accounts on both WLCs.

Thanks and all help is always greatly appreciated guys.

Ta.

JS.

6 REPLIES 6
Beginner

Web authentication across multiple WLCs

Sure this can be done,

On this setup, you are sending all the information from the clients connected to the WLANs that are being anchored to the anchor controller and then you put this traffic on the network so, the authentication process will take place on the anchor controller; this means that the data base that you are going to use for authentication (the local user list in this case) has to be located on the anchor side. So, since Loby Ambassador is just going to add entries to the controlle's database you just need to have the Loby Ambassador setup on the anchor side.

If you have questions just let me know

Best regards,

Marco Gonzalez

Cisco TAC TL

Beginner

Web authentication across multiple WLCs

Thanks Marco, and thanks for the prompt response.

So it is just a simple guest anchor setup. I have done this previously with the anchor in a dmz, but the anchor did not have any APs registered to it.

So I understand the mobility anchoring of the WLAN on 'foreign' wlc to the anchor,  and the local anchoring of the WLAN on the anchor WLC, but if the anchor also has APs registered to it, is there anything that needs to be configured??

Thanks

JS

Hall of Fame Master

Re: Web authentication across multiple WLCs

It's not a normal setup, but you can always anchor an ssid to one wlc if you want. No other special configurations at all. Treat the guests said like how you would a dmz wlc even though it will also have APs.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Beginner

Web authentication across multiple WLCs

Thanks for the reply Scott.

I should have this deployed in the next week or so, so I'll try to report back with my experience.

Just for my knowledge, when you say it isn't a normal set up for a guest anchoring, are you able to give me a run down on what a normal setup should look like.

Thanks

JS

Hall of Fame Master

Re: Web authentication across multiple WLCs

Well, typically if you want a single location for guest, you would have a dedicated wlc in the dmz and tunnel traffic from your internal wcs to the guest dmz wlc. Depending on how many guest you will have, you can use a 2504 running v7.4 or later or a 5508-12.

Here is a link

http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob73dg/ch10GuAc.html

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Rising star

Web authentication across multiple WLCs

Hello,

As per your query i can suggest  you the following solution-

Yes, this is possible to have a single instance of the web-auth working across the 2 active controllers

Hope this will help you.

CreatePlease to create content
Content for Community-Ad

August's Community Spotlight Awards