That is correct. You might

ahmed.kamal.eldein · ‎02-10-2017

I have queries regarding WLC 5520 HTTP/HTTPs redirection for a Guest SSID:

> WLC can redirect to any external Captive Portal, right? No need to be Cisco Portal (In our case it's EliteCore SMP)

> Can WLC exempt some URL's from being redirected? Meaning guest users trying to access www.test.com for example can access this Website only directly without any authentication.

Scott Fella · ‎02-10-2017

The Cisco controllers can redirect to supported external captive portals as this isn't just tied to Cisco ISE. Others also just put the portal inline in which the traffic is pushed to the appliance.

As far as allowing certain websites, you would to setup a pre-auth acl allowing that is the EliteCore is a redirect and not inline. Or else the bypass would be done on the EliteCore. I would get as much information from EliteCore as possible as they should have information on various customer setups.

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

ahmed.kamal.eldein · ‎02-10-2017

Thanks Scott; just to make sure I'm aligned; we'll define in the Pre-Auth ACL on WLC; that any traffic going to this website (Destination Public IP) is permitted and no redirection; while any other traffic will be redirected to external Captive Portal - This Pre-Auth SSID will be applied to the Guest SSID

Correct?

Scott Fella · ‎02-10-2017

That is correct. You might also want to play around with DNS acls

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0110101.html#d140363e1799a1635

-Scott

*** Please rate helpful posts ***

-Scott
*** Please rate helpful posts ***

WLC 5520 Redirection Queries