Cisco 5760 Wireless LAN Controller Troubleshooting Guide

1. Enable DHCP and create the VLAN. As noted, the client VLAN does not need to be set up on the foreign.
2. The switch detects the MAC address of the incoming client on the port-channel configured with ‘access-session port-control auto’ and applies the subscriber policy OPENAUTH. The OPENAUTH policy as described here should be created first.
policy-map type control subscriber OPENAUTH
 event session-started match-all
  1 class always do-until-failure
   2 activate service-template SERV-TEMP3-OPENAUTH
   3 authorize
interface Po1
 switchport trunk allowed vlan 19,137
 switchport mode trunk
 ip arp inspection trust
 access-session port-control auto
 service-policy type control subscriber OPENAUTH
 ip dhcp snooping trust
end
3. MAC address learning should be configured on the foreign for VLAN.
4. The OPENAUTH policy is referred to sequentially, which in this case points to a service template. The template named ‘SERV-TEMP3-OPENAUTH’ is defined here:
service-template SERV-TEMP3-OPENAUTH
 tunnel type capwap name GUEST_LAN_OPENAUTH
5. The service template contains a reference to the tunnel type and name. The client VLAN 75 only needs to exist on the guest anchor since it is responsible for handling client traffic.
guest-lan GUEST_LAN_OPENAUTH 3
 client vlan 75
 mobility anchor 9.7.104.62
 no security web-auth
 no shutdown
6. The tunnel request is initiated from the foreign to the guest anchor for the wired client and a tunneladdsuccess indicates that the tunnel build up process is complete. On the ACCESS-SWITCH1 a wired client connects to the Ethernet port that is set to access mode by the network administrator. It is port GigabitEthernet1/0/11 in this example.
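The steps above depend on a chain of names matching exactly: the interface's service-policy, the policy-map, the service template it activates, the guest LAN named by the CAPWAP tunnel, and that guest LAN's mobility anchor. The following Python check walks that chain over a saved configuration and reports the first broken link on each path; it is an added example, not part of the Cisco guide, the sample config is constructed from the snippets on this page (trimmed), and the function names are hypothetical.

```python
import re
# Constructed sample: this page's policy, template and guest-LAN snippets, trimmed and joined.
SAMPLE = """\
policy-map type control subscriber OPENAUTH
 event session-started match-all
  1 class always do-until-failure
   2 activate service-template SERV-TEMP3-OPENAUTH
interface Po1
 access-session port-control auto
 service-policy type control subscriber OPENAUTH
service-template SERV-TEMP3-OPENAUTH
 tunnel type capwap name GUEST_LAN_OPENAUTH
guest-lan GUEST_LAN_OPENAUTH 3
 mobility anchor 9.7.104.62
"""
# Each hop: (header prefix of the block to find, line naming the next block, label).
HOPS = [("policy-map type control subscriber", r"activate service-template (\S+)", "service template"),
        ("service-template", r"tunnel type capwap name (\S+)", "CAPWAP tunnel name"),
        ("guest-lan", r"mobility anchor (\S+)", "mobility anchor")]

def parse_blocks(config):
    """Map each top-level command to the text of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.strip() and not line[0].isspace():
            current = line.strip()
            blocks[current] = ""
        elif line.strip() and current is not None:
            blocks[current] += line.strip() + "\n"
    return blocks

def check_chain(config):
    """Walk interface -> policy-map -> service-template -> guest-lan; list broken links."""
    blocks, findings = parse_blocks(config), []
    def follow(source, name, depth):
        prefix, pattern, label = HOPS[depth]
        key = prefix.split() + [name]  # header tokens the target block must start with
        body = next((b for h, b in blocks.items() if h.split()[:len(key)] == key), None)
        if body is None:
            findings.append(f"{source}: '{prefix} {name}' is not defined")
        elif not (targets := re.findall(pattern, body)):
            findings.append(f"{prefix} {name}: no {label} configured")
        elif depth + 1 < len(HOPS):
            for target in targets:
                follow(f"{prefix} {name}", target, depth + 1)
    for header, body in blocks.items():
        if header.startswith("interface "):
            for policy in re.findall(r"service-policy type control subscriber (\S+)", body):
                follow(header, policy, 0)
    return findings
```

An empty list from check_chain means every reference resolved; each finding names the block holding the dangling reference and the definition it expected.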
WEBAUTH