Cisco 4404 Wireless LAN Controller Technical References
Deployment Guide: Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.0
OL-11010-01
Web Authentication Process
From the Local Net Users page, the system administrator can see all of the local net user accounts
(including guest user accounts) and can edit or remove them as desired. When you remove a guest user
account, all of the clients that are using that guest WLAN and are logged in using that account’s
username are deleted.
Using the CLI to View Guest Accounts
To view all of the local net user accounts (including guest user accounts) using the controller CLI, enter
this command: show netuser summary
Web Authentication Process
Web authentication is a Layer 3 security feature that causes the controller to block IP traffic (except
DHCP-related packets) until the client has correctly supplied a valid username and password. When you
use web authentication to authenticate clients, you must define a username and password for each client.
Then when the clients attempt to join the wireless LAN, their users must enter the username and
password when prompted by a login window.
Using the Web Authentication feature on a Cisco wireless LAN controller, we can authenticate a guest
user on the wireless LAN controller, an external web server, an external database on a RADIUS server
or via the Cisco Building Broadband Service Manager (BBSM).
These four methods are described in the following sections:
Web Authentication Using Mobility Anchor Feature on Controller
Guest tunneling provides additional security for guest-user access to the corporate wireless network,
ensuring that guest users are unable to access the corporate network without first passing through the
corporate firewall. Instead of extending the DMZ virtual LAN (VLAN) to each wireless LAN controller
on the network, a Cisco 4100 or 4400 series wireless LAN controller or Cisco WiSM can be used in the
DMZ as an anchor controller to terminate traffic from remote controllers.
Internal employee user traffic is segregated from guest user traffic using Ethernet over IP (EoIP) tunnels
and VLANs between the remote controllers and the DMZ controller.
Guest Tunneling Support on Cisco Products
Guest Tunneling provides additional security for guest-user access to the corporate wireless network
across most wireless LAN controller platforms (