Guest access with webauth and intranet (http) access

Fredrik Hjelm · ‎05-22-2013

Hi!
Assume this scenario.

A customer has a guest access setup with webauth. The guest cannot access internet without give credentials first on a custom webpage.

But for some reason the customer would like to give anyone that associates with the guest SSID intranet (http) access without supply any credentials.

My first thoughts goes towards a preauthtentication ACL, but as I understand its only intended to use with a external web server instead of the web server in the WLC. To display the login page.

Anyone done something like this?

Sent from Cisco Technical Support iPhone App

David Watkins · ‎05-22-2013

You can use pre-authentication ACLs to allow clients to pass desired traffic while in a Web Auth REQD state, however the client will only remain in webauth_reqd for 5 minutes before being deauthenticated. If the client doesn't pass authentication (ie. login successfully), they will be constantly bouncing their connection.

There isn't a great way to accomplish with the web auth feature set on the wlc, either using internal, custom, or external pages.

Fredrik Hjelm · ‎05-24-2013

Thanks for your input!

Yes actually my case is a bit more complex than just intranet access and when you start adding lines to the pre-auth ACL, you realize its limitations.

Scott Fella · ‎05-24-2013

Why not just do a passthrough in which the guest just clicks in accept. This way there is no login. If they don't want that either then open auth I guess.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***