05-08-2013 07:21 AM - edited 07-04-2021 12:02 AM
On our public Wi-Fi network we have an acceptable use policy page that users must accept in order to access the internet. However, I would like to exclude a few devices from having to do this. We have a couple of Kindle devices from a vendor that they configured to automatically connect to the internet for updates twice a day. But they cannot accept the policy, so they are blocked. Any ideas?
05-08-2013 07:46 AM
Hi Gary,
Welcome to CSC!
You can add a Pre-Authentication ACL to specific sites a device can access prior to hitting the accept button. But to whitelist devices and allow them to bypass the AUP, no. If you add ISE or some other 3rd party system you can get fancy, but on the WLC it's pretty dry. There could be something in later code, but my experience is in 7.0.
__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
05-08-2013 08:02 AM
Thanks. I will try that. Also we just put ISE in limited functionality. I will look into using it also.
05-08-2013 09:49 PM
I think you're going to be limited either way. Since you are going with ISE, I would depend on using that as a solution for this, however you will not be able to present just an AUP page as of ISE 1.1.3. You would have the guest users authenticating, while the other devices are placed in an Endpoint Identity group or manual Whitelist.
The same issue happens on the WLC. You can configure the L3 portion of your WLAN to only do webauth "On Mac Filter failure", where if the client is found in the local mac entries or radius, then they do not have to perform the L3 authentication/splash-page. Unfortunately, when you enable this feature, users that do not "bypass" must login to the guest portal; an AUP will not be presented.
The pre-authentication ACL is a workaround; however, the client will only remain in the WEBAUTH_REQD state for up to 5 minutes before being deauthenticated and forced to re-connect and re-establish any previously existing connections.