Cisco Cisco Flex 7510 Wireless Controller Guia De Resolução De Problemas
Feature Overview
This feature extends the capability of performing Web Authentication to an external web server from the AP
in FlexConnect mode, for the WLANs with locally switched traffic (FlexConnect Local Switching). Before
WLC Release 7.2.110.0, the Web Authentication to an external server was supported for APs in Local mode
or FlexConnect mode for WLANs with centrally switched traffic (FlexConnect Central Switching).
in FlexConnect mode, for the WLANs with locally switched traffic (FlexConnect Local Switching). Before
WLC Release 7.2.110.0, the Web Authentication to an external server was supported for APs in Local mode
or FlexConnect mode for WLANs with centrally switched traffic (FlexConnect Central Switching).
Often referred to as External Web Authentication, this feature extends the capability for FlexConnect Local
Switching WLAN to support all the Layer 3 Web Redirect Security types currently provided by the controller:
Switching WLAN to support all the Layer 3 Web Redirect Security types currently provided by the controller:
Web Authentication
•
Web Pass−through
•
Web Conditional Redirect
•
Splash Page Conditional Redirect
•
Considering a WLAN configured for Web Authentication and for local switching, the logic behind this feature
is to distribute and apply the Pre−Authentication FlexConnect Access Control List (ACL) directly at the AP
level instead of the WLC level. In this way, the AP will switch the packets coming from the wireless client
that are allowed by the ACL, locally. The packets not allowed are still sent over the CAPWAP tunnel to the
WLC. On the other hand, when the AP receives the traffic over the wired interface, if allowed by the ACL,
will forward it to the wireless client. Otherwise, the packet is dropped. Once the client is authenticated and
authorized, the Pre−Authentication FlexConnect ACL is removed, and all client data traffic is allowed and
switched locally.
is to distribute and apply the Pre−Authentication FlexConnect Access Control List (ACL) directly at the AP
level instead of the WLC level. In this way, the AP will switch the packets coming from the wireless client
that are allowed by the ACL, locally. The packets not allowed are still sent over the CAPWAP tunnel to the
WLC. On the other hand, when the AP receives the traffic over the wired interface, if allowed by the ACL,
will forward it to the wireless client. Otherwise, the packet is dropped. Once the client is authenticated and
authorized, the Pre−Authentication FlexConnect ACL is removed, and all client data traffic is allowed and
switched locally.
Note: This feature works under the assumption that the client can reach the external server from the locally
switched VLAN.
switched VLAN.
Summary:
WLAN configured for FlexConnect Local Switching and L3 Security
•
FlexConnect ACLs will be used as Pre−Authentication ACLs
•