I'd like to use WLAN Web authentication, but have no experience with it. I'd like to use such an authentication for staff members and external people, whereby the external people when logged are only permitted internet access. The staff on the other hand should also get access to specific internal servers.
Is it possible to distinguish between two logged in users if they are either staff members or guests and then forward/redirect the traffic?
I found the Cisco Web authentication on a WLC controller that has a lot of options, but I couldn't find anything regarding this specific requirement link
Has anyone experience with such a device?
Best Answer
I think you are looking at this incorrectly.
Typically, you would have multiple SSIDs, including one for guests. The VLAN for the guest SSID would only be allowed to be routed to the Internet, while other SSIDs would be on networks which have various internal access restrictions, or not.
Often, 802.1X is used for such authentication, but there are other authentication methods, and Cisco WLCs support several (see Authentication on Wireless LAN Controllers Configuration Examples). A guest would only be able to be authenticated on the guest SSID since the guest credentials will not exist for the other SSIDs.