Web authentication is a Layer 3 security feature that causes the controller to not allow IP traffic, except DHCP-related packets, from a particular client until you have correctly supplied a valid username and password. When you use web authentication to authenticate clients, you must define a username and password for each client. Then, when you attempt to join the wireless LAN, you must enter the username and password when prompted by a login window.
When web authentication is enabled under WLAN Security Policies, it is possible that you receive a web-browser security alert the first time that you attempt to access a URL. After you click Yes to proceed, or if the browser does not display a security alert, the web authentication system redirects you to a login window.
This is a brief description of how external web authentication works:
When you open a web browser and request a URL, for example www.cisco.com, the request is checked for authentication. If the client is not authenticated, the controller forwards the request to the controller web server in order to collect authentication details.
The controller web server then redirects the user to the external web server URL. The external web server leads you to a login page. At this point, you are also allowed to access the Walled Garden sites. The Walled Garden sites are a group of websites that you can browse before you are authenticated on to your wireless network.
Note: For a Cisco 2000 Series Wireless LAN Controller, you must configure a pre-authentication ACL on the WLAN for the external web server. This ACL must then be set as the WLAN pre-authentication ACL under Web Policy. You do not need to configure any pre-authentication ACL for Cisco 4100 Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN Controllers.
The login request is sent to the action URL of the controller web server. The controller web server submits the username and password for authentication.
The controller application initiates the RADIUS server request and authenticates the user.
If authentication succeeds, the controller connects the client, and the controller web server forwards you to the configured redirect URL or to the initially requested URL, for example, www.cisco.com.
If the user authentication fails, the controller web server redirects you to the URL of the login page.
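The decision logic described in the steps above can be modelled in a few lines. This is an added illustration, not Cisco code: the `Controller` class, the login URL, the pre-authentication allow list, and the in-memory user table standing in for the RADIUS server are all assumptions constructed for the example.

```python
import hmac
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

# All values below are constructed for illustration.
LOGIN_URL = "https://login.example.net/guest"      # external web server login page
PREAUTH_ALLOW = {ip_address("192.0.2.10"),         # external web server
                 ip_address("192.0.2.20")}         # a walled garden site
RADIUS_USERS = {"guest1": "s3cret-pass"}           # stand-in for the RADIUS server

def radius_authenticate(username: str, password: str) -> bool:
    """Stub for the controller's RADIUS request; constant-time compare."""
    expected = RADIUS_USERS.get(username)
    return expected is not None and hmac.compare_digest(expected.encode(), password.encode())

@dataclass
class Client:
    authenticated: bool = False
    original_url: Optional[str] = None

class Controller:
    def __init__(self, redirect_url: Optional[str] = None):
        self.redirect_url = redirect_url           # configured post-login URL, if any
        self.clients: dict = {}

    def handle_packet(self, mac, proto, dst_ip, dst_port, http_url=None):
        """Return (action, target) for one client packet."""
        client = self.clients.setdefault(mac, Client())
        if client.authenticated:
            return ("forward", None)
        if proto == "udp" and dst_port in (67, 68):    # DHCP always passes
            return ("forward", None)
        if ip_address(dst_ip) in PREAUTH_ALLOW:        # pre-auth ACL / walled garden
            return ("forward", None)
        if http_url is not None:                       # web request: send to login page
            client.original_url = http_url
            return ("redirect", LOGIN_URL)
        return ("drop", None)                          # all other IP traffic is blocked

    def submit_login(self, mac, username, password):
        """Login form posted to the controller's action URL."""
        client = self.clients.setdefault(mac, Client())
        if not radius_authenticate(username, password):
            return ("redirect", LOGIN_URL)             # failure: back to the login page
        client.authenticated = True
        return ("redirect", self.redirect_url or client.original_url)
```

When reviewing a deployment, the allow list is the part to audit: every address in it is reachable by any unauthenticated client that associates to the WLAN.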
Refer to these documents for more information on web authentication: