
Cisco Catalyst 4500 Series Software Configuration Guide

Cisco Catalyst 4500 Series
2086 pages
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 53 Configuring Wired Guest Access
Information about Wired Guest Access
• Wired guest access works on Supervisor Engine 8-E in wireless mode only.
• Tunneling of wired clients is not supported when the client is attached to a port at the Cisco Next
Generation Wiring Closet (NGWC) device that is configured for open mode.
• Tunneling of wired clients is not supported after successful web authentication at the NGWC device
because automated IP address reassignment is not supported after web-authentication.
• The NGWC device supports network access only via the tunnel based on the web authentication that
occurs at the controller.
• The Network Advertisement and Selection Protocol (NASP) is not supported for wired clients.
• High availability is not supported for wireless sessions. If the wireless controller fails while
providing tunneled guest access for a wired client, the state is not automatically recovered.
• Inactivity aging is not enforced for a wired client that is provisioned to the wireless controller; for
example, within a RADIUS Access-Accept request that is received after web authentication is
performed at the controller.
Information about Wired Guest Access
Wired Guest Access Overview
Enterprise networks that support both wired and wireless access need to provide guest services that are
consistent across the two access media, from a perspective of both client experience and manageability.
For wireless networks, guest traffic from a mobility anchor device is typically directed through a Control
And Provisioning of Wireless Access Points (CAPWAP) tunnel to an array of controllers in the
demilitarized zone (DMZ), where either web-authenticated access or open access is provided. Wired
guest traffic can also be backhauled to the DMZ using more traditional tunneling mechanisms like
Generic Routing Encapsulation (GRE). The Cisco Next Generation Wiring Closet (NGWC) platforms,
with converged wired and wireless access, can extend CAPWAP tunneling to wired guests also, allowing
for very similar handling at the controller platform (in the DMZ) and reducing the provisioning
overhead.
However, security remains an issue because it is not possible to determine, prior to authentication,
whether a wired client is a guest or requires access to the corporate network. Consequently, the decision
to tunnel a wired client’s traffic to the DMZ cannot be made with the certain knowledge that the client
is a guest.
Due to the lack of network selection for wired clients, open mode cannot be supported with guest
tunneling. Open mode is when an IP address is allocated as soon as a client connects to the access switch.
Once the client is connected via a tunnel, it must be reassigned an IP address from a subnet provisioned
at the DMZ, before web authentication can be attempted.


Cisco Catalyst 4500 Series Specifications

General
Series: Catalyst 4500 Series
Category: Switch
Layer Support: Layer 2, Layer 3
Form Factor: Modular chassis
Stackable: No
Chassis Slots: 3, 6, 7, 10
Power Supply Options: AC, DC
Redundancy: Power supply, Supervisor engine
Network Management: Cisco IOS Software CLI, SNMP, Cisco Prime Infrastructure
Features: Security, QoS
Port Density: Up to 384 ports per chassis
Security Features: 802.1X, ACLs, DHCP Snooping, Dynamic ARP Inspection, IP Source Guard
Supervisor Engine: 8-E
