Cisco 5760 Wireless LAN Controller Troubleshooting Guide

Contents
Introduction
Deployment Scenario
Topology
OPENAUTH
  Guest Anchor Configuration
  Foreign Configuration
WEBAUTH
  Guest Anchor Configuration
  Foreign Configuration
Configure OPENAUTH and WEBAUTH in Parallel
  Guest Anchor Configuration
  Foreign Configuration
WEBAUTH Command O/P Example
  Foreign
  Anchor

Introduction
This document covers deployment of the wired guest access feature on the Cisco 5760 Wireless
LAN Controller, which acts as a Foreign Anchor, and the Cisco 5760 Wireless LAN Controller, which
acts as a Guest Anchor in the Demilitarized Zone (DMZ).

In enterprise networks, there is typically a need to provide network access to guests on the
campus. The guest access requirements include provision of connectivity to the Internet or other
selective enterprise resources to both wired and wireless guests in a consistent and manageable
way. The same wireless LAN controller can be used to provide access to both types of guests on
the campus. For security reasons, a large number of enterprise network administrators segregate
guest access to a DMZ controller via tunneling. The guest access solution is also used as a
fallback method for guest clients that fail dot1x and MAC Authentication Bypass (MAB)
authentication methods.

The guest user connects to the designated wired port on an access layer switch for access and
optionally might be made to go through Web Consent or Web Authentication modes, dependent
upon the security requirements (details in later sections). Once guest authentication succeeds,
access is provided to the network resources and the guest controller manages the client traffic.

The foreign anchor is the primary switch where the client connects for network access. It initiates
tunnel requests. The guest anchor is the switch where the client actually gets anchored. Apart
from the Cisco 5500 Series WLAN Controller, the Cisco 5760 Wireless LAN controller can be used
as a guest anchor. Before the guest access feature can be deployed, there must be a mobility
tunnel established between the foreign anchor and the guest anchor switches. The guest access
feature works for both MC (Foreign Anchor) >> MC (Guest Anchor) and MA (Foreign Anchor) >>
MC (Guest Anchor) models. The foreign anchor switch trunks wired guest traffic to the guest
anchor controller, and multiple guest anchors can be configured for load balancing. The client is
anchored to a DMZ anchor controller, which is also responsible for handling DHCP IP address
assignment as well as authentication of the client. After the authentication completes, the client is
able to access the network.