
C9800-CL Limit local webauth guest account to specific WLAN

Todd S
Level 1

Working on getting local webauth guest access working on a C9800-CL. I have the accounts created. I want to limit which account can log into which WLAN. I've put in the WLAN Profile in each guest's account, but each user can log into each guest portal. Am I doing something wrong?

user-name Guest
  creation-time 1692368864
  description Guest-User
  wlan-profile-name Customer_Guest_Wifi
  password 0 ***********
  type network-user description Guest-User guest-user lifetime year 0 month 3 day 5 hour 0 minute 0 second 0
!
user-name Guest1
  creation-time 1692368864
  description Guest-User
  wlan-profile-name Customer_Guest
  password 0 ***********
  type network-user description Guest-User guest-user lifetime year 0 month 3 day 5 hour 0 minute 0 second 0


!
wlan Customer_Guest 5 Customer_Guest
band-select
dot11ax target-waketime
dot11ax twt-broadcast-support
no security ft adaptive
no security wpa
no security wpa wpa2
no security wpa wpa2 ciphers aes
no security wpa akm dot1x
security web-auth authentication-list local_webauth
security web-auth parameter-map GUEST
no shutdown
!
wlan Customer_Guest_Wifi 10 Customer_Guest_Wifi
band-select
dot11ax target-waketime
dot11ax twt-broadcast-support
no security ft adaptive
no security wpa
no security wpa wpa2
no security wpa wpa2 ciphers aes
no security wpa akm dot1x
security web-auth
security web-auth authentication-list local_auth
security web-auth parameter-map GUEST


marce1000
VIP

 

  - There's an overall checking methodology for the configuration of a 9800 controller: use the CLI command show tech wireless and feed the output into:
    https://cway.cisco.com/wireless-config-analyzer/
    This may point out errors relating to your intended guest setups too.

 M.
 




I do not think you can control selected local users to particular SSID.

HTH
Rasika

Rich R
VIP

Your config shows the user config referring to Customer_Guest_Wifi and Customer_Guest profiles and then it shows WLANs with those same names.  But WLAN definitions (SSIDs) are not profiles!  In the 9800 configuration model a WLAN (SSID) and policy profile are associated with each other in the tag policy.

That's not to say it will work (I've never tried it) but you might be confusing the WLAN/SSID with the policy profile?

Take a look at https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213911-understand-catalyst-9800-wireless-contro.html

Thanks.  I am using the WLAN Profile name, which happens to be the same as the SSID.  Are you saying that I need to use the Policy tag for the WLAN vs the WLAN profile name?

No, I'm saying that when you add a WLAN to a policy tag you need to add the WLAN profile name *with* the policy profile.
Did you read the document at that link?
The Create/Modify a Policy Tag section, step 2, shows adding the WLAN with the policy profile.

CLI:

# config t
# wireless tag policy <policy-tag-name>
# wlan <ssid-name> policy <policy-profile-name>
# end

Use the config analyser (below) to check your config.
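
Added example, not part of the thread and not Cisco tooling: a small Python audit that parses a 9800 config excerpt and cross-references each local guest account's wlan-profile-name against the defined WLAN profiles, the policy-tag mappings, and the web-auth authentication list on each WLAN. The sample config is constructed from the excerpts posted above; the policy tag and policy profile names (EXAMPLE_TAG, EXAMPLE_POLICY) are hypothetical placeholders.

```python
import re

# Constructed sample built from the excerpts posted in the thread; the policy
# tag and policy profile names are hypothetical placeholders.
SAMPLE = """\
user-name Guest
  wlan-profile-name Customer_Guest_Wifi
user-name Guest1
  wlan-profile-name Customer_Guest
!
wlan Customer_Guest 5 Customer_Guest
security web-auth authentication-list local_webauth
!
wlan Customer_Guest_Wifi 10 Customer_Guest_Wifi
security web-auth authentication-list local_auth
!
wireless tag policy EXAMPLE_TAG
 wlan Customer_Guest policy EXAMPLE_POLICY
"""

def parse(config):
    # Sections are tracked by keyword, not indentation (pasted configs lose it).
    users, wlans, tagged, kind, name = {}, {}, {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"user-name (\S+)", line):
            kind, name = "user", m[1]
            users[name] = None
        elif m := re.fullmatch(r"wlan (\S+) \d+ (\S+)", line):
            kind, name = "wlan", m[1]
            wlans[name] = {"ssid": m[2], "auth_list": None}
        elif m := re.fullmatch(r"wireless tag policy (\S+)", line):
            kind, name = "tag", m[1]
        elif kind == "user" and (m := re.fullmatch(r"wlan-profile-name (\S+)", line)):
            users[name] = m[1]
        elif kind == "wlan" and (m := re.fullmatch(r"security web-auth authentication-list (\S+)", line)):
            wlans[name]["auth_list"] = m[1]
        elif kind == "tag" and (m := re.fullmatch(r"wlan (\S+) policy (\S+)", line)):
            tagged[m[1]] = (name, m[2])  # WLAN profile -> (policy tag, policy profile)
    return users, wlans, tagged

def audit(config):
    # Returns items to review; it reports structure only, not enforcement behaviour.
    users, wlans, tagged = parse(config)
    out = [f"user {u}: wlan-profile-name {p} matches no WLAN profile"
           for u, p in sorted(users.items()) if p not in wlans]
    out += [f"wlan {w}: not mapped in any policy tag" for w in sorted(wlans) if w not in tagged]
    lists = sorted({str(i["auth_list"]) for i in wlans.values()})
    if len(lists) > 1:
        out.append(f"WLANs use different web-auth authentication lists: {lists}")
    return out
```

Calling `audit()` on the text of a saved running-config returns a list of strings to review by hand; an empty list means the cross-references line up, not that per-WLAN restriction is enforced.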