Guest Access
Guest Access Services
• Native capability of Unified Wireless solution
• Offers guest access control for wireless clients connecting through LAP / WLC infrastructure
• Leverages internal web portal and user database within WLC
• Simple guest credential management
• Lobby Admin account capability on WCS and WLC
• Support for auto password generation and account expiry
• WLC Release 4.1 introduces N+1 (Auto) Anchor Redundancy
• WCS Release 4.1 introduces enhanced Lobby Admin capabilities
Guest Access Services Supported Platforms
• Anchor WLC
    • 4400 Series
    • 6500 Series WISM
    • Cisco Catalyst 3750G-24WS
• Non-anchor WLC
    • 2100 Series
    • 4400 Series
    • 6500 Series WISM
    • WLC Module for Integrated Service Routers (ISR)
    • Cisco Catalyst 3750G-24WS
• LWAPP APs
    • ALL
Guest Access Services Functionality Overview
• Guest User Segmentation
    • Achieved using Ethernet over IP protocol
    • EoIP tunnel(s) defined between foreign WLCs and one or more ‘anchor’ WLCs positioned in the Internet DMZ
    • Isolates guest traffic from hosting enterprise network
• Guest Access Control
    • Enforced at anchor WLC
    • Guest WLAN(s) terminate on anchor WLC
• Web Authentication
    • Guest redirect to web portal for authentication
    • Username / password in SSL page
Guest Access Services Example Guest Access Topology
[Figure labels: WCS; Internet; Corp Servers; Redundant Anchor Controllers (Anchor 1, Anchor 2); DNS, WEB, DHCP; EoIP Tunnels; Tunneled User Data; Campus / Foreign WLC; LWAPP; WLANs]
Guest Access Services General Solution Capabilities
• Support for internal or external web portals
    • ‘Internal’ server supports downloadable, customized portal pages
• Support for internal or external user database
    • Web authentication can be forwarded to external AAA server¹
• Support for pass through mode
    • Guest credentials not required
    • User agrees to ‘Terms and Conditions’ and ‘clicks’ to connect
• Lobby Ambassador Interface
    • ‘Limited privileges’ account on WCS and/or Anchor WLC
    • Allows lobby admin access to ‘guest’ subsystem to create/manage user credentials

¹ Lobby Ambassador functionality not available in this configuration.
Guest Access Services N+1 Anchor Redundancy
• Introduced in Release 4.1
• Permits the implementation of a ‘back-up’ anchor WLC
• The guest WLAN (at foreign WLC) is mapped to two or more mobility anchors
• Improved status reporting indicating tunnel state for control and data planes
• Load balanced guest connections
    • Multiple guest user connections (per foreign WLC) are round robin load balanced across anchor WLCs
• Hot/standby behavior not supported
• Failure of active anchor:
    • Existing clients de-associated and re-associated to alternate anchor WLC
    • Requires users to re-authenticate
Guest Access Services Guest WLAN example with redundant anchor WLCs
Guest Access Services Lobby Ambassador Accounts
• WCS 4.1 Lobby Ambassador Account
    • Restricted access/privileges on WCS
    • Only permits guest credentials to be created as a template and applied to one or more anchor WLCs
• Two types of WCS guest templates
    • Add Guest User (for immediate access)
    • Schedule Guest User (for future access)
• Additional Capabilities:
    • Email guest credential information
    • Location based guest access (using WCS w/ location license)
Guest Access Services WCS Lobby Ambassador – Add Guest User
Guest Access Services WCS Lobby Ambassador – Applying Guest Template
Guest Access Services WCS Lobby Ambassador – Schedule Guest
Guest Access Services WCS Lobby Ambassador – Email Guest Credentials
Guest Access Services WCS Lobby Ambassador – Applying Scheduled Guest Template
Guest Access Services WLC Lobby Ambassador
• WLC Lobby Ambassador Account
    • Restricted access/privileges on WLC
    • Allows guest credentials to be created and applied directly at the anchor WLC. Attributes include:
        • User name
        • Auto generate password (check box) or Administrator assigned password
        • Confirm password
        • Credentials lifetime (days:hours:minutes)
        • SSID (select box): only WLANs configured for Layer 3 web policy authentication are displayed
        • Description
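
The guest attributes listed on this slide (user name, auto-generated or assigned password, lifetime in days:hours:minutes, SSID, description) can be modelled as below to show what an account check has to enforce. This is an added example, not Cisco WLC or WCS code; the class and function names, the 12-character password length and the alphabet are assumptions.

```python
# Added illustration: models the guest-credential attributes listed on the slide.
# Not Cisco WLC/WCS code; all names here are hypothetical.
import hmac
import secrets
import string
from dataclasses import dataclass
from datetime import datetime, timedelta

ALPHABET = string.ascii_letters + string.digits  # assumed password alphabet


def parse_lifetime(text):
    """Parse a 'days:hours:minutes' lifetime into a timedelta."""
    days, hours, minutes = (int(part) for part in text.split(":"))
    if min(days, hours, minutes) < 0 or hours > 23 or minutes > 59:
        raise ValueError(f"invalid lifetime: {text!r}")
    lifetime = timedelta(days=days, hours=hours, minutes=minutes)
    if not lifetime:
        raise ValueError("lifetime must be greater than zero")
    return lifetime


@dataclass
class GuestCredential:
    username: str
    password: str
    ssid: str
    expires_at: datetime
    description: str = ""

    def permits(self, username, password, ssid, now):
        """True only for matching credentials, on the bound SSID, before expiry."""
        # Constant-time comparison avoids leaking how much of a guess matched.
        user_ok = hmac.compare_digest(username.encode(), self.username.encode())
        pass_ok = hmac.compare_digest(password.encode(), self.password.encode())
        return user_ok and pass_ok and ssid == self.ssid and now < self.expires_at


def create_guest(username, ssid, lifetime, now, password=None, description=""):
    """Create a guest account; auto-generate the password when none is assigned."""
    if password is None:
        # secrets draws from the OS CSPRNG; the random module is predictable.
        password = "".join(secrets.choice(ALPHABET) for _ in range(12))
    return GuestCredential(username, password, ssid,
                           now + parse_lifetime(lifetime), description)
```
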
Guest Access Services Anchor WLC Lobby Ambassador –