User guide
3-7
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 3 WLANs Menu Bar Selection
WLANs
• When you select Layer 3 VPN Pass Through, fill in the VPN Gateway IPSec Pass Through
Address.
• With VPN Pass Through, but not with IPSec or L2TP, you may also enable Web Authentication,
also known as Web Auth.
• When you have Web Authentication enabled, you can also select a Preauthentication ACL, which
allows you to assign any of the Access Control Lists displayed on the Access Control Lists page.
Note To enable Web Authentication, you MUST configure the Virtual Gateway Address in the Interfaces
page.
RADIUS Servers
You can configure up to three RADIUS servers for the WLAN. Table 3-5 describes the RADIUS server
parameters.
Web Policy Select this check box to enable the Web Policy. The following
parameters are displayed.
• Authentication - If you select this option, you will be prompted for
user name and password while connecting the client to the wireless
network.
• Passthrough - If you select this option, you can access the network
directly without entering the user name and password.
• Preauthentication ACL – Select the ACL to be used for traffic
between the client and the controller. Refer to Access Control Lists
for more information.
• Email Input – This option is available for the Passthrough option
only. If you select this option, you will be prompted for your email
address while connecting to the network.
Note You must have the optional VPN/Enhanced Security Module (crypto processor card) installed
to enable IPSec. Verify it is installed on your controller using the Inventory page.
Note When you select IKE Authentication Pre Shared Key or XAuth Pre Shared Key, you must also
enter a key.
Note When you select XAuth Pre Shared Key, the key must be at least eight bytes to interoperate
with Cisco clients. Other tested clients function with a key of less than eight bytes.
Table 3-4 Layer 3 IPSec and L2TP Parameters (continued)
Parameter (Note 1) Range