Solved: Re: Cisco Wireless Controller 9800

kick534 · ‎11-09-2021

Hi,

Our company purchasing 2X9800 Cisco WAC for Administration Employees purpose and 2X 9800 Cisco WAC for Guest Purpose with 50 AP's for all controllers.

Our task to designed and implement a separate Guest/ Public wireless Network :

Features we are looking for :

The guest access solution shall be at minimum be self- contained and does not require any external platforms to perform access control, web portal, or AAA Services.

Report shall be provided for Guest/ Public utilizing the Guest/Public wireless network. at Minimum reports shall include details such as log-in-duration/date/time site browsed URL accessed.

IT Team shall configure and provide free sms service providers on the proposed sms gateway to lower company expenses or else explicit agreed with company

Please Clarify can we configure above features in Cisco 9800 WAC or we need any external sms Gateways.

Arshad Safrulla · ‎11-10-2021

If you have ISE you need find a provider who can give you a sms gateway. It depends on the ISP whether there will be an appliance on-prem or not

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

Arshad Safrulla · ‎11-09-2021

You have multiple options. First of all you need to decide whether you are going to host this portal where guest user authentication will be done as LWA, CWA or EWA(external). Depending on what you choose your options may vary.

CWA - Most popular option is use Cisco ISE to provide Guest Splash page and integrate a SMS gateway there. This requires Cisco ISE and SMS gateway.

LWA - Splash page will be locally hosted in WLC, but not recommended for large deployments.

EWA - Easiest method out of 3, you contact an external splash page provider and agree on the terms on how may users, how the authentication is done etc. and configure ur WLC's to redirect all the users for authentication. You can consider Cisco DNA spaces. There are other vendors as well, but DNA spaces glues well with Cisco WLC's.

Now guest activity monitoring such as history etc. may require an appliance which can do MITM, preferably a firewall. This is a total dedicated solution. Also there are some L2 appliances which provide user activity monitoring combined with SMS authentication splash pages, but it depends on your region. So your best bet would be to explore the local markets to see who can assist your here if you want to go with this option.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

kick534 · ‎11-10-2021

Thanks for reply,

FYI, we will go with CWA - in our network we already have ISE ,

Can you please more explain on SMS gateway concept , we need to contact local SMS gateway provider or there is an appliance we have to purchase???

Arshad Safrulla · ‎11-10-2021

If you have ISE you need find a provider who can give you a sms gateway. It depends on the ISP whether there will be an appliance on-prem or not

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

kick534 · ‎11-10-2021

Thanks I understand ...