Cisco Cisco 5760 Wireless LAN Controller Guide De Dépannage
Guest Anchor Configuration
Enable IPDT and DHCP snooping on client VLAN(s), in this case VLAN 75. The client VLAN
needs to be created on the guest anchor.
needs to be created on the guest anchor.
guest-lan GUEST_LAN_OPENAUTH 3
client vlan 75
mobility anchor 9.7.104.62
no security web-auth
no shutdown
1.
Create VLAN 75 and the L3 VLAN interface.
guest-lan GUEST_LAN_OPENAUTH 3
client vlan 75
mobility anchor 9.7.104.62
no security web-auth
no shutdown
2.
Create a guest LAN that specifies the client VLAN with the 5760 itself acting as the mobility
anchor. For openmode, the no security web-auth command is required.
anchor. For openmode, the no security web-auth command is required.
guest-lan
GUEST_LAN_OPENAUTH
3
client vlan 75
mobility anchor 9.7.104.62
no security web-auth
no shutdown
3.
Foreign Configuration
Enable DHCP and creation of a VLAN. As noted, the client VLAN does not need to be set up
on the foreign.
on the foreign.
guest-lan GUEST_LAN_OPENAUTH 3
client vlan 75
mobility anchor 9.7.104.62
no security web-auth
no shutdown
1.
The switch detects the MAC address of the incoming client on the port-channel configured
with ‘access-Session port-control auto’ and applies the subscriber policy WEBAUTH. The
WEBAUTH policy as described here should be created first.
with ‘access-Session port-control auto’ and applies the subscriber policy WEBAUTH. The
WEBAUTH policy as described here should be created first.
policy-map type control
subscriber WEBAUTH
event session-started match-all
1 class always do-until-failure
2 activate service-template SERV-TEMP3-WEBAUTH
3 authorize
interface po1
switchport trunk allowed vlan 19,137
switchport mode trunk
ip arp inspection trust
access-session port-control auto
service-policy type control subscriber WEBAUTH
ip dhcp snooping trust
end
2.
MAC learning should be configured on the foreign for VLAN.
policy-map type control
subscriber WEBAUTH
event session-started match-all
1 class always do-until-failure
2 activate service-template SERV-TEMP3-WEBAUTH
3 authorize
interface po1
switchport trunk allowed vlan 19,137
switchport mode trunk
ip arp inspection trust
access-session port-control auto
3.