additional web-auth authorization

My hardware: WLC 5508, ASC express, some AP 1142N K9 lightweight, switch


I have L3 web auth authorization for WLAN clients, save in ASC radius user database.

How extend this authorization method by static IP for MAC address with the user's login and password.

Only login+password+MAC pass the slient to WLAN, who take static IP address.

Reply to
Loading thread data ...

There's no way to have RADIUS (I suppose you were thinking of "Framed-IP-Address") assign a fixed IP address to a wireless client

- not, at any rate, with a Cisco autonomous IOS AP or WLC.

The AP / WLC is (basically) a layer 2 device, while assigning an IP address is a layer 3 operation.

Theoretically (if you were doing EAP authentication), you could set up the WLC as a DHCP server, and then have RADIUS send down the Framed-IP-Address value to the WLC, and then the WLC's DHCP server could provide that address to the client. But we don't support that, and in any case, that can't work with a web auth client, which must get its IP address from DHCP *before* it does the web auth. (Can't do web without an IP address.)

Now, if you know the client's MAC address, you could set up static bindings to fixed IP addresses in your DHCP server (the WLC DHCP server doesn't support this, but many/most DHCP servers, including IOS's do.)



Reply to
Aaron Leonard Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.