Summary:
This document covers the configuration for wired-authentication using fall-thru authentication of web-portal and authentication local on WLC
Solution:
1. Clearing the port type in preparation for wired authentication
- Select the port for wired authentication, remove it from any VLANs and make sure it’s not configured as an AP port. You can reset the port to the port’s default configuration using the following command:
WLC# clear port type <port_nr>
- Remove the port from one or more VLANs using the following command:
WLC# clear vlan <vlan_name> port <port_nr>
2. Configure the WLC for web-portal wired-authentication
- Configure the web wired authentication local on WLC
WLC# set authentication web wired ** local
- Configure the vlan attribute for web-portal-wired users
WLC# set user web-portal-wired attr vlan-name <VLAN_name>
- It is handy to name the port to a descriptive name using the following command:
WLC# set port <port_nr> name <port_name>
- Set the port type, VLAN tag and the fall-thru authentication for web-portal
WLC# set port type wired-auth <port_nr> tag <VLAN_tag_nr> auth-fall-thru webportal
- The default maximum nr of wired clients per port is one. You can change that
using the command:
WLC# set port type wired-auth <port_nr> max-sessions
Ex:
WLC-TAC# set vlan 424 name MD424
WLC-TAC# set vlan 424 port 1 tag 424
WLC-TAC# set authentication web wired ** local
WLC-TAC# set user web-portal-wired attr vlan-name MD424
WLC-TAC# set port type wired-auth 2 tag 424 max-sessions 1 auth-fall-thru web-portal
Modification History:
2020-10-10: Archived article.