Cisco Cisco IOS XE 3.5E Release Notes
3
Release Notes for Cisco 5700 Series Wireless LAN Controller, Cisco IOS XE Release 3.7.xE
What’s New in Cisco IOS XE Release 3.7.3E
Note
We recommend password encryption while using an HTTP GET Request.
•
Different Attributes in Long URL—The webauth parameter map supports external URLs with a
maximum length of 256 characters. While configuring a login URL for web authentication, ensure
that complete length of the redirected URL does not exceed 550 characters. Use the following
commands to configure external webauth parameter map with long URL:
maximum length of 256 characters. While configuring a login URL for web authentication, ensure
that complete length of the redirected URL does not exceed 550 characters. Use the following
commands to configure external webauth parameter map with long URL:
parameter-map type webauth external
type webauth
redirect for-login http://<login_url>/login.html
redirect on-failure http://failurepage.html
redirect on-success http://successpage.html
redirect portal ipv4 <external-webserver-ip-address>
•
Multiple VLAN support for Wired Guest Access with both Anchor and Foreign as Cisco 5760
WLC—Wired guest anchor can now support multiple VLANs and multiple guest LANs. Separate
VLANs can be assigned for each security profile like openauth, webauth and web consent. For more
information about the Wired Guest Anchor feature, see
WLC—Wired guest anchor can now support multiple VLANs and multiple guest LANs. Separate
VLANs can be assigned for each security profile like openauth, webauth and web consent. For more
information about the Wired Guest Anchor feature, see
Multiple VLAN Support for Wired Guest Access with Cisco 5760 WLC as Both
Anchor and Foreign Controller
Anchor and Foreign Controller
Restrictions
•
Wired guest VLAN on the access switch should not have any switch virtual interfaces (SVIs) present
on any of the local switches. It should terminate directly on the foreign controller, so that the traffic
is exported to the anchor.
on any of the local switches. It should terminate directly on the foreign controller, so that the traffic
is exported to the anchor.
•
The anchor VLAN should not be allowed on the foreign controller’s uplink. Doing so may result in
unexpected behavior.
unexpected behavior.
•
The foreign and anchor guest LANs should not be on the same VLAN.
•
Wired guest configuration should only be performed during scheduled network downtime period.
Overview
In enterprise networks, there is typically a need for providing network access to a network’s guests on
the campus. Guest access requirements include providing connectivity to the Internet or other selective
enterprise resources to both wired and wireless guests in a consistent and manageable manner. The same
wireless LAN controller can be used to provide access to both types of guests on the campus. For security
reasons, a large number of enterprise network administrators segregate guest access to a demilitarized
zone (DMZ) controller via tunneling. The guest access solution is also used as a fallback method for
guest clients that fail dot1x and MAB authentication methods.
the campus. Guest access requirements include providing connectivity to the Internet or other selective
enterprise resources to both wired and wireless guests in a consistent and manageable manner. The same
wireless LAN controller can be used to provide access to both types of guests on the campus. For security
reasons, a large number of enterprise network administrators segregate guest access to a demilitarized
zone (DMZ) controller via tunneling. The guest access solution is also used as a fallback method for
guest clients that fail dot1x and MAB authentication methods.
This document covers deployment of Wired Guest Access feature on Cisco 5760 WLC acting as Foreign
Anchor and Cisco 5760 WLC acting as Guest Anchor in the DMZ. The feature works in a similar fashion
on Cisco Catalyst 3650 switch acting as foreign controller.
Anchor and Cisco 5760 WLC acting as Guest Anchor in the DMZ. The feature works in a similar fashion
on Cisco Catalyst 3650 switch acting as foreign controller.
A guest user connects to the designated wired port on an access layer switch for access. Optionally, it
may be made to go through Web Consent or Web Authentication modes, depending upon the security
requirements. After guest authentication succeeds, access is provided to the network resources and the
may be made to go through Web Consent or Web Authentication modes, depending upon the security
requirements. After guest authentication succeeds, access is provided to the network resources and the