||To create a dynamic interface
for wired guest user access, choose
Interfaces page appears.
New to open the
Interfaces > New page.
||Enter a name and VLAN ID for
the new interface.
Apply to commit
Number text box, enter a valid port number. You can enter a number
between 0 and 25 (inclusive).
Apply to commit
||To create a wired LAN for
guest user access, choose
||On the WLANs page, choose
Create New from
the drop-down list and click
||From the Type drop-down list, choose Guest
Profile Name text box, enter a name that identifies
the guest LAN. Do not use any spaces.
||From the WLAN ID drop-down
list, choose the ID number for this guest LAN.
You can create up to five
guest LANs, so the WLAN ID options are 1 through 5 (inclusive).
Apply to commit
Enabled check box
for the Status parameter.
||Web authentication (Web-Auth)
is the default security policy. If you want to change this to web passthrough,
||From the Ingress Interface drop-down list, choose the VLAN
that you created in
This VLAN provides a path between the wired guest client and the controller by
way of the Layer 2 access switch.
||From the Egress Interface drop-down list, choose the name
of the interface. This WLAN provides a path out of the controller for wired
guest client traffic.
||If you want to change the
authentication method (for example, from web authentication to web
Layer 3. The
> Edit (Security > Layer 3) page appears.
||From the Layer 3 Security drop-down list,
choose one of the following:
None—Layer 3 security is disabled.
Web Authentication—Causes users to be prompted for a
username and password when connecting to the wireless network. This is the
Web Passthrough—Allows users to access the network
without entering a username and password.
There should not be a Layer 3
gateway on the guest wired VLAN, as this would bypass the web authentication
done through the controller.
||If you choose the Web Passthrough option, an
check box appears. Select this check box if you want
users to be prompted for their e-mail address when attempting to connect to the
||To override the global authentication configuration set on
the Web Login page, select the
Override Global Config
||When the Web Auth Type drop-down list appears, choose one
of the following options to define the web authentication pages for wired guest
Internal—Displays the default web login page for the
controller. This is the default value.
Customized—Displays custom web login, login failure,
and logout pages. If you choose this option, three separate drop-down lists
appear for login, login failure, and logout page selection. You do not need to
define a customized page for all three options. Choose
None from the
appropriate drop-down list if you do not want to display a customized page for
||These optional login,
login failure, and logout pages are downloaded to the controller as webauth.tar
External—Redirects users to an external server for
authentication. If you choose this option, you must also enter the URL of the
external server in the URL text box.
You can choose specific
RADIUS or LDAP servers to provide external authentication on the WLANs >
Edit (Security > AAA Servers) page. Additionally, you can define the
priority in which the servers provide authentication.
||If you chose
External as the web authentication type in
Security > AAA
Servers and choose up to three RADIUS and LDAP servers using the
||You can configure the Authentication and LDAP Server using both
IPv4 and IPv6 addresses.
||The RADIUS and LDAP external
servers must already be configured in order to be selectable options on the
WLANs > Edit (Security > AAA Servers) page. You can configure these
servers on the RADIUS Authentication Servers page and LDAP Servers page.
||To establish the
priority in which the servers are contacted to perform web authentication as
||The default order is local,
Highlight the server type
(local, RADIUS, or LDAP) that you want to be contacted first in the box next to
the Up and Down buttons.
Down until the
desired server type is at the top of the box.
Click the < arrow to move the server type to the priority
box on the left.
Repeat these steps to
assign priority to the other servers.
process if a second (anchor) controller is being used in the network.