Cisco Cisco 5760 Wireless LAN Controller Troubleshooting Guide

Enable IPDT and DHCP snooping on client VLAN(s), in this case VLAN 75. The client VLAN
needs to be created on the guest anchor. 

guest-lan GUEST_LAN_OPENAUTH 3

client vlan 75

mobility anchor 9.7.104.62

no security web-auth

no shutdown

1.

Create VLAN 75 and the L3 VLAN interface. 

guest-lan GUEST_LAN_OPENAUTH 3

client vlan 75

mobility anchor 9.7.104.62

no security web-auth

no shutdown

2.

Create a guest LAN that specifies the client VLAN with the 5760 itself acting as the mobility
anchor. For openmode, the no security web-auth command is required.

guest-lan

3

client vlan 75

mobility anchor 9.7.104.62

no security web-auth

no shutdown

3.

Enable DHCP and creation of a VLAN. As noted, the client VLAN does not need to be set up
on the foreign. 

guest-lan GUEST_LAN_OPENAUTH 3

client vlan 75

mobility anchor 9.7.104.62

no security web-auth

no shutdown

1.

The switch detects the MAC address of the incoming client on the port-channel configured
with ‘access-Session port-control auto’ and applies the subscriber policy WEBAUTH. The
WEBAUTH policy as described here should be created first. 

policy-map type control

subscriber WEBAUTH

event session-started match-all

1 class always do-until-failure

2 activate service-template SERV-TEMP3-WEBAUTH

3 authorize

interface po1

switchport trunk allowed vlan 19,137

switchport mode trunk

ip arp inspection trust

ip dhcp snooping trust

end

2.

MAC learning should be configured on the foreign for VLAN. 

policy-map type control

subscriber WEBAUTH

event session-started match-all

1 class always do-until-failure

2 activate service-template SERV-TEMP3-WEBAUTH

3 authorize

interface po1

switchport trunk allowed vlan 19,137

switchport mode trunk

ip arp inspection trust

3.