07-01-2024 09:48 AM
Hello all,
My current environment consists of a WLC 5520 with mostly if not all 9120AXI ap's on prem. Our current setup for guest wifi does not use ISE authentication it simply allows the end user on the network via captive portal.
VIP is requesting to have me setup wifi captive portal redirect which directs the guests to a customer survey. I was able to re-create a similar guest WLAN in order to test the setup but even after copying the configuration it seems that the SSID can broadcast but is unable to get out to the internet.
Does anybody have instructions on setting up this network? Thank you in advance for any help.
07-01-2024 09:59 AM
- I don't have an immediate direct reply , but if there are configuration changes or additions on the controller
then validate the controller configuration again using : WirelessAnalyzer input (procedure) for AireOs controllers
and then feed the output from that into Wireless Config Analyzer
For the older aireos based controller such as the 5520 it becomes kind of mandatory to use the last release available :
https://software.cisco.com/download/home/286284738/type/280926587/release/8.10.196.0
For irregular client behavior use client debugging according to : https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/213258-collect-debugs-from-wireless-lan-control.html
Note that client debugs can be processed and analyzed with : Wireless Debug Analyzer
M.
07-02-2024 05:30 AM
Without knowing anything about how your config looks it's hard to say.
Compare the WLAN configs side by side and look for any differences (other than those which are intended)
07-02-2024 06:30 AM
So as or right now we have a WLC (5508) that lives inside of our DMZ and a wlc that hangs off of the core. According to our documentation (I'm still new here) the DMZ WLC is purposes specifically for hosting the guest WLAN and the 5520 is for the 9120 AP's/regular day to day SSID's. I don't see any AP's associated with the 5508 so I'm trying to understand how the WLAN is being broadcasted since both of the WLC's have the SSID's.
I've copied the configuration identically to the current running configuration but I'm still unable to receive an ip on my device. Is it possible that I have to configure the WLAN on the 5508 rather than the 5520?
07-02-2024 06:46 AM
This solution is called Guest Anchor Mobility.
Refer the following documents for good understanding of how the solution works.
https://mrncciew.com/2013/03/22/auto-anchor-mobility/
Jagan Chowdam
/**Pls rate useful responses**/
07-03-2024 03:14 AM
And make sure the software on both WLCs is up to date as per the TAC recommended link below.
Currently that is 8.10.196.0 for the 5520 and 8.5.182.12 for the 5508.
07-03-2024 07:56 AM
Jagan, I was able to get the WLAN up and running based on your suggestions on anchoring thank you! Would you happen to know what the proper steps are to setting up the customer survey re-direct splash page would be? I'm referring to the documentation and it mentions providing a pre-authorization acl but not sure what ip I should be permitting..
07-05-2024 08:04 AM
Cisco WLC does not store user responses for splash login. An external server is required if this is a necessity. In your original post, you mentioned you have ISE. Are you planning to use ISE for the Guest Portal (CWA)?
The following are the Guest Portal techniques available on Cisco Controllers:
If you have access to Cisco Live On-Demand videos, there is an excellent session titled "Be My Guest! Design and Deploy Wireless Guest Access That Works" which explains these options in detail. You can search for "BRKEWN-2014" at Cisco Live On-Demand Library.
For Cisco WLC ACLs, refer to this blog post by Rasika, which provides a clear explanation: WLC Access Control List (ACL).
Note that Pre-auth ACL changes based on the option you choose (CWA or LWA).
Jagan Chowdam
/**Pls rate useful responses**/
07-10-2024 09:42 AM
Hey Jagan, for the guest wireless we are using the passthrough option. I tested the page with a re-direct in the override global config along with a pre-auth acl for permitting any any traffic but Im not able to hit the redirect for some reason. Not really sure what else I am missing at this point.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide