Re: 9800 WLC LWA Guest access using Lobby Admin - per SSID?

mqontt · ‎04-22-2024

Hey Guys,

i was wondering if there is a way to allow Lobby admin to create a guest user where he would be able to specify that user is allowed to only join specific SSID.

Ie: i have 2 SSIDS (webauth1 and webauth2)

Lobby admin logs into the wlc and creates a guest account. But that guest account is valid on all WLAN profiles (SSIDs). And i would like to know if there is a way to restrict it per wlan profile.

I know this might be doable within the CLI, but for that you'd need admin privilege level (to edit guest user using cli).

thnx

M

marce1000 · ‎04-22-2024

- I would presume that this can be accomplished with background NAC schemes too , where the authenticating servers could then restrict the user to particular WLAN (note that anyone can see any SSID and attempt to connect to it)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

mqontt · ‎04-22-2024

Yea thats what i thought but unfortunately this customer doesnt have any NAC

marce1000 · ‎04-22-2024

- In that case , the customer may better plan that for the future and or lobby admin must be redirected to IT-staff , e.g.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '