Wired Guest Access with Radius authentication

 

 

 

 

wlc001.png

 

SWITCH CONFIGURATION

 

  • add wired guest vlan to network infrastructure(everywhere where needed,e.g.trunks,access switches,etc.)

 

WLC CONFIGURATION

  • Create "Guest" interface

wlcF001.png

When you select "Guest Lan" checkbox all IP part is removed - it is normal behaviour

wlcF002.png

 

  • Create dynamic interface. It is interface where wired guest users will obtained IP and reach network resources like Internet.

wlcA001.png

wlcA002.png

wlc002.png

 

  • Add radius server(s)

wlcF004.png

 

  • Create WLAN for "Wired Guest Access" - please choose "Guest LAN" type like on picture

wlcF005.png

 As "Ingres" interface select "wired_guest"(VLAN 601) and as a "Egress" interface select dmz

wlc003.png

wlcF007.png

 Besides "Web Authentication" you can configure "Open" and "Pass-through"

wlcF008.png

  •  Select authentication server

wlcF009.png

wlcF010.png

wlcF011.png

 

WIRED GUEST CLIENT TEST

  • Connect client PC to switch where vlan(601) is assigned.
  • Open a browser
  • Verify client status on controller before authentication

 

WLC

wlcF018.png

 

 PC

ipconfig.png

 

Before user authentication we should check:

  • IP address assigned to client PC
  • Interface where client is bridged
  • VLAN interface
  • Associated WLAN
  • Policy Manager State - now WEBAUTH_REQ which is OK because client is not authenticated and WLC is waiting for authentication

 wlc004.png

 

  • Provide user and password and click submit

welcome.png

 

After successful authentication wired guest user should be able to browse Internet

 

  • Verify wired guest client on local controller

wlc005a.png

 Note: After wired guest authentication WLC knows guest client username and Policy Manager State change value to "RUN"

 

  •  Verify user authentication on radius server

wlc006.png

 wlc007.png

wlc008.png

 

dzbanek 2017-02-12

 

 

This site uses cookies. Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site will not work.