02-12-2014 05:21 AM - edited 07-05-2021 12:10 AM
Hi there,
We have 2 WLC5508 (7.2.111.3) with several SSID's.
One of them is configured as Passthrough with an external splash server. Works fine.
Now we want to use the "On MAC Filter failure".
If the client MAC-adresse is configured under MAC Filtering on the WLC, the authentication is done without WebAuth.
If MAC-adress is not known, the client will be redirect to the external WebAuth server for authentication.
To keep the Passthrough functionality for the user, we hardcoded an username&password in the splash-page.
So, every client WebAuth uses the same username&password for authentication against the WLC.
User Login Policies is set to unlimited.
So far so good, it seems to work, but I have read, that Cisco 5500 controllers supports only 150 simultaneous Web Auth Users logins.
The two WLC's have abount 100-170 clients connected.
Question:
- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?
- Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
If yes, some guide information wolud be great.
- When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
Thanks for the answers
Kind regards,
Norbert
Solved! Go to Solution.
02-12-2014 06:23 AM
Its probably a limitation to processing of clients with the same credentials. I have never ran into an issues, but how many guest will complain, if they have to hit the accept button a few seconds after:)
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-12-2014 05:44 AM
Question:
- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?
> I believe this means at the same time... I have clients doing the same thing with hundreds or more of guest users
- Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
If yes, some guide information would be great.
> ISE is really used to login with a username and password and to be able to profile. You would need to ask that on the Security forum to get their input if this is something then would do or just leave it on the WLC
- When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
> Not really... some machines with popup blocker does block this and you don't see the logout, but you can't remove this.
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
02-12-2014 06:07 AM
Thanks for the fast reply Scott
- Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?
> I believe this means at the same time... I have clients doing the same thing with hundreds or more of guest users
>> So it's only a "best practise statement" from Cisco? Those two WLC's have about 150-200 user connected on the
guest SSID.
Kind regards,
Norbert
02-12-2014 06:23 AM
Its probably a limitation to processing of clients with the same credentials. I have never ran into an issues, but how many guest will complain, if they have to hit the accept button a few seconds after:)
Thanks,
Scott
*****Help out other by using the rating system and marking answered questions as "Answered"*****
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide