Руководство По Устранению Ошибки для Cisco Cisco 5760 Wireless LAN Controller

ip arp inspection trust

ip dhcp snooping trust

end

The VLAN 19 and VLAN18 class-maps contain the VLAN match criteria based on which
you will differentiate which guest LAN the client falls in. It is is defined here: 

policy-map type

control subscriber DOUBLEAUTH

event session-started match-first

 1 class vlan19 do-until-failure

 2 activate service-template SERV-TEMP3-OPENAUTH

3 authorize

 2 class vlan18 do-until-failure

 2 activate service-template SERV-TEMP4-WEBAUTH

 3 authorize

interface po1

switchport trunk allowed vlan 19,137

switchport mode trunk

ip arp inspection trust

ip dhcp snooping trust

end

4.

The OPENAUTH policy is referred to sequentially, which in this case points to a service. The
template named SERV-TEMP3 OPENAUTH as defined here.

service-template SERV-TEMP3-

tunnel type capwap name GUEST_LAN_OPENAUTH

service-template SERV-TEMP4-WEBAUTH

tunnel type capwap name GUEST_LAN_WEBAUTH

5.

The service template contains a reference to the tunnel type and name. The client VLAN 75
only needs to exist on the guest anchor since it is responsible for handling client traffic. 

guest-lan GUEST_LAN_OPENAUTH 3

client vlan 75

mobility anchor 9.7.104.62

no security web-auth

no shutdown

guest-lan GUEST_LAN_WEBAUTH 4

client vlan VLAN0075

mobility anchor 9.7.104.62

security web-auth authentication-list joseph

security web-auth parameter-map webparalocal

no shutdown

6.

The tunnel request is initiated from the foreign to the guest anchor for the wired client and a
‘tunneladdsuccess’ indicates that the tunnel build up process completed. On the ACCESS-
SWITCHs there are multiple wired clients that connect  to either VLAN 18 or VLAN19, which
can be then assigned the guest LANs accordingly. It is port GigabitEthernet1/0/11 in this
example.

guest-lan GUEST_LAN_OPENAUTH 3

client vlan 75

mobility anchor 9.7.104.62

no security web-auth

no shutdown

guest-lan GUEST_LAN_WEBAUTH 4

client vlan VLAN0075

7.