02-10-2017 06:11 AM - edited 07-05-2021 06:32 AM
I have queries regarding WLC 5520 HTTP/HTTPs redirection for a Guest SSID:
> WLC can redirect to any external Captive Portal, right? No need to be Cisco Portal (In our case it's EliteCore SMP)
> Can WLC exempt some URL's from being redirected? Meaning guest users trying to access www.test.com for example can access this Website only directly without any authentication.
02-10-2017 06:35 AM
The Cisco controllers can redirect to supported external captive portals as this isn't just tied to Cisco ISE. Others also just put the portal inline in which the traffic is pushed to the appliance.
As far as allowing certain websites, you would to setup a pre-auth acl allowing that is the EliteCore is a redirect and not inline. Or else the bypass would be done on the EliteCore. I would get as much information from EliteCore as possible as they should have information on various customer setups.
-Scott
*** Please rate helpful posts ***
02-10-2017 07:22 AM
Thanks Scott; just to make sure I'm aligned; we'll define in the Pre-Auth ACL on WLC; that any traffic going to this website (Destination Public IP) is permitted and no redirection; while any other traffic will be redirected to external Captive Portal - This Pre-Auth SSID will be applied to the Guest SSID
Correct?
02-10-2017 07:53 AM
That is correct. You might also want to play around with DNS acls
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-6/configuration-guide/b_cg76/b_cg76_chapter_0110101.html#d140363e1799a1635
-Scott
*** Please rate helpful posts ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide