Solved: Cisco WLC 5508 simultaneous Web Auth Users logins?

alig.norbert · ‎02-12-2014

Hi there,

We have 2 WLC5508 (7.2.111.3) with several SSID's.

One of them is configured as Passthrough with an external splash server. Works fine.

Now we want to use the "On MAC Filter failure".

If the client MAC-adresse is configured under MAC Filtering on the WLC, the authentication is done without WebAuth.

If MAC-adress is not known, the client will be redirect to the external WebAuth server for authentication.

To keep the Passthrough functionality for the user, we hardcoded an username&password in the splash-page.

So, every client WebAuth uses the same username&password for authentication against the WLC.

User Login Policies is set to unlimited.

So far so good, it seems to work, but I have read, that Cisco 5500 controllers supports only 150 simultaneous Web Auth Users logins.

The two WLC's have abount 100-170 clients connected.

Question:

- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?

- Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.

If yes, some guide information wolud be great.

- When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?

Thanks for the answers

Kind regards,

Norbert

Scott Fella · ‎02-12-2014

Its probably a limitation to processing of clients with the same credentials. I have never ran into an issues, but how many guest will complain, if they have to hit the accept button a few seconds after:)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎02-12-2014

Question:

- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?

> I believe this means at the same time... I have clients doing the same thing with hundreds or more of guest users

- Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.

If yes, some guide information would be great.

> ISE is really used to login with a username and password and to be able to profile. You would need to ask that on the Security forum to get their input if this is something then would do or just leave it on the WLC

- When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?

> Not really... some machines with popup blocker does block this and you don't see the logout, but you can't remove this.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

alig.norbert · ‎02-12-2014

Thanks for the fast reply Scott

- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?

> I believe this means at the same time... I have clients doing the same thing with hundreds or more of guest users

>> So it's only a "best practise statement" from Cisco? Those two WLC's have about 150-200 user connected on the

guest SSID.

Kind regards,

Norbert

Scott Fella · ‎02-12-2014

Its probably a limitation to processing of clients with the same credentials. I have never ran into an issues, but how many guest will complain, if they have to hit the accept button a few seconds after:)

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***