Configuring Wired Guest Access
To configure the security policy for the wired guest LAN, enter this command:
Step 7
config guest-lan security {web-auth enable guest_lan_id | web-passthrough enable guest_lan_id}
Note
To enable or disable a wired guest LAN, enter this command:
Step 8
config guest-lan {enable | disable} guest_lan_id
If you want wired guest users to log into a customized web login, login failure, or logout page, enter
Step 9
these commands to specify the filename of the web authentication page and the guest LAN for which it
should display:
config guest-lan custom-web login-page page_name guest_lan_id—Defines a web login page.
•
config guest-lan custom-web loginfailure-page page_name guest_lan_id—Defines a web login
•
failure page.
Note
•
config guest-lan custom-web logout-page page_name guest_lan_id—Defines a web logout page.
Note
Step 10
If you want wired guest users to be redirected to an external server before accessing the web login page,
enter this command to specify the URL of the external server:
config guest-lan custom-web ext-webauth-url ext_web_url guest_lan_id
Step 11
If you want to define the order in which local (controller) or external (RADIUS, LDAP) web
authentication servers are contacted, enter this command:
config wlan security web-auth server-precedence wlan_id {local | ldap | radius} {local | ldap |
radius} {local | ldap | radius}
The default order of server web authentication is local, RADIUS, LDAP.
Note
To define the web login page for wired guest users, enter this command:
Step 12
config guest-lan custom-web webauth-type {internal | customized | external} guest_lan_id
where
•
internal displays the default web login page for the controller. This is the default value.
•
customized displays the custom web pages (login, login failure, or logout) that were configured in
Step
external redirects users to the URL that was configured in
•
Cisco Wireless LAN Controller Configuration Guide
10-30
Web authentication is the default setting.
To use the controller's default login failure page, enter this command: config guest-lan
custom-web loginfailure-page none guest_lan_id.
To use the controller's default logout page, enter this command: config guest-lan
custom-web logout-page none guest_lan_id.
All external servers must be pre-configured on the controller. You can configure them on the
RADIUS Authentication Servers page or the LDAP Servers page.
9.
Chapter 10
Managing User Accounts
Step
10.
OL-17037-01