Could anyone provide some direction into setting up a WX for web portal authentication?
Currently I am operating one encrypted SSID on a network with a single VLAN (NOT the default VLAN as I don't use that). This works fine. We configure wireless clients with the WPA key and away they go.
What I would like to do is now configure another SSID (clear/unencrypted SSID) that students, teachers etc can associate with and authenticate via the web portal in order to use it.
I am using development kit to try this out, but so far I have a cloned WX4400 with production config running, and I have setup another VLAN on the WX to service the clear SSID, with a radio profile etc. I have setup a switch with my VLANS and I have configured the temporary DHCP server in MSS and successfully obtained an expected IP address from this port on the WX on the VLAN I have configured. I can also ping the host interface address for the vlan.
Do I have this concept correct - as the access point is now running 2 SSIDS and I want to keep traffic seperate, the access point needs to tag traffic from itself to the switch depending what SSID it is coming from? and do I need to configure the port on my edge switches that my AP's are connecting to to expect only tagged or untagged traffic? Presumably they need to be set to only allow "tagged" traffic now, as the AP's would effectively be doing the tagging depending on source SSID?
No matter what I try I cannot even associate on the newly created clear SSID. It is "visible" but not associating, let alone even getting an IP address or redirecting me to the portal log on.
Anyone help me get this old dinosoar going!? I could do it via 3WXM or CLI if need be.
I do have some issues with 3COm WX4400, actually i am interested to have Guest SSID presently we do have one SSID which is for cooperate private and accessible for employees only. Actually here i need the authentication for private through radius (Active Directory) and i need to create one more SSID called guest with different vlan and should be authenticate through web.
please help me in this regard
The switch port connected to the AP will need to be untagged on the management vlan (so it can get an IP address and be controlled by the parent hardware) and tagged with all of the associated SSID VLans.
By default all wireless traffic is tunnelled back to the WX4400 from the access point. In order to have the AP tag the traffic and drop it out on the switch you need to enable local switching. Unless you will have a significant amount of traffic it's much simpler to allow the traffic to be tunnelled back and placed on the correct VLAN at the controller.
So all you need to do is create the new VLAN on the controller and tag it out the appropriate controller port or even use a physical port if it's going off to an ADSL router etc. Then associate that VLAN with the new SSID in the service profile properties.
Also ensure the fallthru access on the service profile is set to 'last resort' otherwise it'll be trying to do MAC authentication which may be why you can't connect.
Last edited by paulfinlay; 1st October 2011 at 03:42 PM.