12-02-2016 06:58 AM - edited 07-05-2021 06:12 AM
I am trying to change the public web connection which is using the internal web auth type with just a click to accept the AUP disclaimer.
We want to use the same AUP internal page but incorporate a user name and password for the guest. And use the same user name and password for everyone. I cannot seem to get it to work for some reason. And would appreciate any input on how to get this to work. The goal is to limit everyone from outside the organization from connecting. At present I only have the WLC's 5508 as foreign and anchor controllers.
Version is 8.0.133. Also have Cisco Prime Applicance 3.0 . I am trying to have them purchase an ISE appliance and incorporate that into the wireless network for authentication but it may be awhile.
Thanks for your help in advance.
Solved! Go to Solution.
12-08-2016 07:33 AM
hi Reily,
you can read this to help you get the guest access with anchor controller and to check if your configuration is correct.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/WirelessNetwork_GuestAccessService.html
do you use /20 subnet ? or interface groupe ? it's better to bundle multiple /24 into interface groupe to control your dhcp assignment.
12-08-2016 03:19 PM
Well, the wireless clients broadcast traffic is not forwarded to the network by default. If you didn't change it I won't worry about broadcast issues.
Normally on my customers network I'm trying not to use subnets larger than /23 and so far no problems.
12-07-2016 01:52 AM
hi Reily,
sorry but i didn't get the scenario right , please correct me if i'm wrong.
you have 2 types of clients A and B, the last is a guest and you want them to use the same AUP but one with username and password and the other just as a bypass ?
And use the same username and password for everyone
do you mean a general 1 username for all clients ?
12-08-2016 06:37 AM
Sorry, we will just use 1 type of client. Presently using WebAuth where with the AUP is the standard disclaimer and then the <Accept>, what they are calling click through.
What is requested is generic log in name and password where everyone uses the same name and password. I have been looking on doing it on the anchor controller, but cannot get it to work. I may be missing something.
The purpose is to try and limit the number of connections from adjacent locations.
Also another question I have not been able to find a answer on is the scope size of a guest wlan.
Presently the scope is for around 4000 ip's, I had to lower the lease times to keep from running out of available ip's. Present lease is 30 minutes. By noon I run out of ip numbers. Would it be feasible to just double the scope of ip numbers and increase the lease time?
12-08-2016 07:33 AM
hi Reily,
you can read this to help you get the guest access with anchor controller and to check if your configuration is correct.
http://www.cisco.com/c/en/us/td/docs/wireless/controller/8-1/Enterprise-Mobility-8-1-Design-Guide/Enterprise_Mobility_8-1_Deployment_Guide/WirelessNetwork_GuestAccessService.html
do you use /20 subnet ? or interface groupe ? it's better to bundle multiple /24 into interface groupe to control your dhcp assignment.
12-08-2016 08:03 AM
Presently it is configured as a /20. So once I set this up. I can use about 4 /24 subnets, bundle them together in a group. Then if I run out of IP's I would just add one moe /24 subnet to the interface group.
I will that
Thanks
12-08-2016 08:07 AM
let me know if you still need further help on this, i guess i need more configuration and from your side.
12-08-2016 12:59 PM
Attached is what I have presently for guest wireless subnet and the dhcp scope on the controller. Thanks for the link. That will help me out with the logins.
As far as the guest wifi subnet size, at present I run out of available ip's during the week day. I have configured interface groups on my internal foreign controllers, so on the anchor controller it will be the same process.
My question is how to size the guest vlans. Presently the one guest vlan is a /20
giving me 4096 address's. If I group /24 subnets together on an interface that would be 16 WLANS in the group. Just not sure what the best practice is for sizing the guest vlans.
12-08-2016 03:19 PM
Well, the wireless clients broadcast traffic is not forwarded to the network by default. If you didn't change it I won't worry about broadcast issues.
Normally on my customers network I'm trying not to use subnets larger than /23 and so far no problems.
12-09-2016 05:25 AM
Thanks for the info and help. It is much aprreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide