Cisco 5760 Wireless LAN Controller Troubleshooting Guide
ip arp inspection trust
access-session port-control auto
service-policy type control subscriber DOUBLEAUTH
ip dhcp snooping trust
end
The VLAN 19 and VLAN 18 class-maps contain the VLAN match criteria used to
differentiate which guest LAN the client falls in. It is defined here:
policy-map type control subscriber DOUBLEAUTH
event session-started match-first
1 class vlan19 do-until-failure
2 activate service-template SERV-TEMP3-OPENAUTH
3 authorize
2 class vlan18 do-until-failure
2 activate service-template SERV-TEMP4-WEBAUTH
3 authorize
interface po1
switchport trunk allowed vlan 19,137
switchport mode trunk
ip arp inspection trust
access-session port-control auto
service-policy type control subscriber DOUBLEAUTH
ip dhcp snooping trust
end
4.
The OPENAUTH policy is referred to sequentially, which in this case points to a service
template named SERV-TEMP3-OPENAUTH, as defined here:
service-template SERV-TEMP3-OPENAUTH
tunnel type capwap name GUEST_LAN_OPENAUTH
service-template SERV-TEMP4-WEBAUTH
tunnel type capwap name GUEST_LAN_WEBAUTH
5.
The service template contains a reference to the tunnel type and name. The client VLAN 75
only needs to exist on the guest anchor since it is responsible for handling client traffic.
guest-lan GUEST_LAN_OPENAUTH 3
client vlan 75
mobility anchor 9.7.104.62
no security web-auth
no shutdown
guest-lan GUEST_LAN_WEBAUTH 4
client vlan VLAN0075
mobility anchor 9.7.104.62
security web-auth authentication-list joseph
security web-auth parameter-map webparalocal
no shutdown
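The chain described in steps 3 to 5 (class, service template, CAPWAP tunnel name, guest LAN) can be checked offline before deployment. The following is an added example, not part of the Cisco guide: it assumes the configuration is available as plain text, and the function name audit and the status labels open, web-auth and broken are hypothetical.

```python
import re

# Constructed sample: a trimmed copy of the configuration lines shown above.
CONFIG = """\
policy-map type control subscriber DOUBLEAUTH
 1 class vlan19 do-until-failure
  2 activate service-template SERV-TEMP3-OPENAUTH
 2 class vlan18 do-until-failure
  2 activate service-template SERV-TEMP4-WEBAUTH
service-template SERV-TEMP3-OPENAUTH
 tunnel type capwap name GUEST_LAN_OPENAUTH
service-template SERV-TEMP4-WEBAUTH
 tunnel type capwap name GUEST_LAN_WEBAUTH
guest-lan GUEST_LAN_OPENAUTH 3
 mobility anchor 9.7.104.62
 no security web-auth
guest-lan GUEST_LAN_WEBAUTH 4
 mobility anchor 9.7.104.62
 security web-auth authentication-list joseph
"""

def audit(config):
    """Resolve class -> template -> tunnel -> guest-lan; 'broken' = no anchored guest-lan."""
    tunnel_of, glans, chains, cur, cls = {}, {}, [], None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(service-template|guest-lan) (\S+)", line):
            cur = m[2]  # name of the section we are now inside
            if m[1] == "guest-lan":
                glans[cur] = {"anchor": None, "webauth": False}
        elif m := re.match(r"\d+ class (\S+)", line):
            cls = m[1]
        elif m := re.match(r"\d+ activate service-template (\S+)", line):
            chains.append((cls, m[1]))
        elif m := re.match(r"tunnel type capwap name (\S+)", line):
            tunnel_of[cur] = m[1]
        elif cur in glans and (m := re.match(r"mobility anchor (\S+)", line)):
            glans[cur]["anchor"] = m[1]
        elif cur in glans and line.startswith("security web-auth"):
            glans[cur]["webauth"] = True
    rows = []
    for cls, tmpl in chains:
        glan = tunnel_of.get(tmpl)
        g = glans.get(glan, {})
        auth = "web-auth" if g.get("webauth") else "open"
        rows.append((cls, tmpl, glan, auth if g.get("anchor") else "broken"))
    return rows

if __name__ == "__main__":
    print(*audit(CONFIG), sep="\n")
```

A row marked open means wired clients matching that class are tunneled to the anchor without web authentication, which is worth confirming as intended.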
6.
The tunnel request is initiated from the foreign to the guest anchor for the wired client, and a
‘tunneladdsuccess’ indicates that the tunnel build-up process completed. On the ACCESS-SWITCHes
there are multiple wired clients that connect to either VLAN 18 or VLAN 19, which
can then be assigned the guest LANs accordingly. It is port GigabitEthernet1/0/11 in this
example.
7.