cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1536
Views
10
Helpful
1
Replies
Highlighted
Beginner

WebAuth SecureWeb

I am working on a new 5520 WLC running 8.3.143.0 code.  We have a WLAN using Layer 3 Passthrough for security.  From my understanding, to avoid a certificate error on the browser of an end user, you could generate and upload a 3rd party certificate or you can disable WebAuth SecureWeb.  My question is, will disabling WebAuth SecureWeb go against best practice and why?

 

 

Thanks in advance for your feedback.

1 REPLY 1
VIP Mentor

Re: WebAuth SecureWeb

Hi,

Cisco Says:

By default, WLC allows low security crypto options for HTTPS negotiation to ensure backward compatibility, which are no longer considered strong enough in several scenarios. For security reasons, it is advisable to force the controller to use only strong cyphers with the high encryption command. This may cause some interoperability issues if the client connecting to HTTPS only supports legacy or limited crypto options, so it is advisable to do testing for possible issues. This is not a problem for most modern browsers and operating systems.

 

 

Workaround:

1. To avoid the error: either you have to use SSL certificate

 

or....

 

2. Just change that authentication page from https to http. On the controller go to MANAGEMENT –> HTTP-HTTPS. The third item from the top is “WebAuth SecureWeb”, the options are enable or disable. Default is enable so change it to disable. You then need to go to CONTROLLER –> INTERFACES –> VIRTUAL make sure the “DNS Hostname” field is empty. The IP address does not matter, 1.1.1.1 is very common. If you change the virtual address you will need to reboot the controller.

After changing the WebAuth SecureWeb to disable and rebooting the controller your guests can access and enjoy an authentication screen without the SSL certificate error.

 

Regards

Dont forget to rate helpful posts

CreatePlease to create content
Content for Community-Ad