WLC based mobility-anchor guest access solution

mraliisahin
Level 1

Hi everybody,

My new setup with WLC based guest access solution is working well. I am using web based login authentication for wired & wireless solution. And everything is running through the WLC. The WLC is granting access to the internet for the guests. My question is how about printers and other devices that cannot make web based authentication. How can I get them to work in the same setup?

best regards,

Sahin

4 Replies

Nicolas Darchis
Cisco Employee

They require MAC Authentication Bypass. This is done with ACS or ISE. Basically they are allowed network access at the switch (or WLC even) level based on their MAC address.

If you only have the WLC as a device, you could create a separate SSID with MAC filtering and have the MAC addresses stored on the WLC itself. Not so scalable though.

Thanks for the quick reply. The MAC Authentication Bypass sounds interesting. I don't have the ISE engine. But ACS sounds like the best possible solution for me. How will it work if my solution is based on ACS? Should the WLC authenticate users on ACS with local list? And how can WLC know that the specific printer MAC address should pass through and others should be authenticated first?

(this solution needs to work wired & wireless)

For wired, you simply need to configure MAC auth bypass on the printer switchports and point that to the ACS.

If it's accepted, the port will go in the printer VLAN; if not, you can choose the behavior (block access, put in another VLAN, etc.).

For wireless, you need to enable "mac filtering" on the SSID, so it's best to create a separate SSID for the printers then because you want to authenticate those by mac address and you don't want that for the other clients probably.

You can then also point the MAC filtering towards ACS on the WLC.

From there you can either have the MACs stored locally on ACS or in your Active Directory or wherever you want.
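The wired half of the reply above, sketched as a switch configuration. This is an added example, not part of the original thread or posted by any participant. It assumes a Catalyst switch with IOS 15.x-style `authentication`/`mab` syntax; the ACS address, names, VLAN number, interface and shared secret are constructed placeholders.

```cisco
! Added example (not from the thread). Constructed values:
!   192.0.2.10       ACS RADIUS address (documentation range)
!   ACS-1 / ACS      hypothetical server and group names
!   VLAN 30          hypothetical printer VLAN
!   Gi1/0/10         hypothetical printer switchport
!   <shared-secret>  placeholder, must match the ACS network-device entry
!
aaa new-model
!
radius server ACS-1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
aaa group server radius ACS
 server name ACS-1
!
! MAB requests use the dot1x authentication method list.
aaa authentication dot1x default group ACS
! Lets the switch apply what ACS returns (for example a VLAN).
aaa authorization network default group ACS
!
! Global switch for port-based authentication.
dot1x system-auth-control
!
interface GigabitEthernet1/0/10
 description Printer port, MAC Authentication Bypass only
 switchport mode access
 ! VLAN used when ACS accepts the MAC and returns no VLAN of its own.
 switchport access vlan 30
 ! One device per port: a second MAC on the port is a violation.
 authentication host-mode single-host
 ! Port stays unauthorized (no traffic) until ACS accepts the MAC.
 authentication port-control auto
 ! Send the attached device's MAC address to ACS as the identity.
 mab
 spanning-tree portfast
```

With no fallback configured, a MAC that ACS rejects leaves the port unauthorized, which is the "block access" behavior mentioned in the reply. Because a MAC address identifies a device rather than proving it, the ACS authorization for these entries is usually kept narrow (a dedicated VLAN or ACL limited to what the printer needs).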

Right now I don't have any specific printer VLAN. Printers should also work in the guest WLAN/VLAN. Is it possible to authenticate printers with ACS so they will work in guest WLAN/VLAN, instead of forwarding to a specific printer VLAN? I also have some special terminal machines that don't have any HTTP functionality. I need to do the same thing with them. (btw, printers will only be connected to the wired network)

thx.
