Web authentication is a Layer 3 security feature that causes the controller to block IP traffic, except DHCP-related packets, from a particular client until that client has correctly supplied a valid username and password. When you use web authentication to authenticate clients, you must define a username and password for each client. Then, when you attempt to join the wireless LAN, you must enter the username and password when prompted by a login window.
When web authentication is enabled under WLAN Security Policies, you might receive a web-browser security alert the first time that you attempt to access a URL. After you click Yes to proceed, or if the browser does not display a security alert, the web authentication system redirects you to a login window.
This is a brief description of how external web authentication works:
When you open a web browser with a URL, for example www.cisco.com, the controller checks whether the client is authenticated. If it is not authenticated, the controller forwards the request to the controller web server in order to collect authentication details.
The controller web server then redirects the user to the external web server URL. The external web server leads you to a login page. At this point, you are also allowed to access the Walled Garden sites. The Walled Garden sites are a group of websites that you can browse before you are authenticated on to your wireless network.
Note: For a Cisco 2000 Series Wireless LAN Controller, you must configure a pre-authentication ACL on the WLAN for the external web server. This ACL must then be set as the WLAN pre-authentication ACL under Web Policy. However, you do not need to configure any pre-authentication ACL for Cisco 4100 Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN Controllers.
The login request is sent to the action URL of the controller web server. The controller web server submits the username and password for authentication.
The controller application initiates the RADIUS server request and authenticates the user.
If authentication succeeds, the controller connects the client and the controller web server forwards you to the configured redirect URL or to the initially requested URL, for example, www.cisco.com.
If the user authentication fails, the controller web server redirects you to the URL of the login page.
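The sequence above can be followed as a small state model. This is an added example, not Cisco controller code: the class and function names, the host names, and the in-memory user table that stands in for the RADIUS server are all assumptions made for illustration.

```python
# Simplified model of the external web authentication flow described above.
# Not controller code: every name, host and credential here is constructed.
import hmac
from dataclasses import dataclass, field
from typing import Optional

EXTERNAL_LOGIN_URL = "https://login.example.net/login.html"  # assumed external web server
PREAUTH_ALLOWED_HOSTS = {"login.example.net", "garden.example.org"}  # external server + walled garden
RADIUS_USERS = {"alice": "correct-horse"}  # stand-in for the RADIUS server's user store

@dataclass
class Client:
    authenticated: bool = False
    original_url: Optional[str] = None  # URL the client asked for before login

@dataclass
class Controller:
    redirect_url: Optional[str] = None  # configured post-login redirect, if any
    clients: dict = field(default_factory=dict)

    def handle_packet(self, mac, kind, host=None, url=None):
        """Return (action, target) for one packet from the client with this MAC."""
        c = self.clients.setdefault(mac, Client())
        if c.authenticated or kind == "dhcp":
            return ("forward", url)          # DHCP is the only traffic always allowed
        if kind != "http":
            return ("drop", None)            # no other IP traffic before login
        if host in PREAUTH_ALLOWED_HOSTS:
            return ("forward", url)          # pre-authentication ACL / walled garden
        c.original_url = url                 # remember the initially requested URL
        return ("redirect", EXTERNAL_LOGIN_URL)

    def handle_login(self, mac, username, password):
        """Login form posted to the controller's action URL."""
        c = self.clients.setdefault(mac, Client())
        expected = RADIUS_USERS.get(username)  # stands in for the RADIUS request
        # Unknown users and missing passwords must fail; compare in constant time.
        ok = (expected is not None and isinstance(password, str)
              and hmac.compare_digest(expected.encode(), password.encode()))
        if ok:
            c.authenticated = True
            return ("redirect", self.redirect_url or c.original_url)
        return ("redirect", EXTERNAL_LOGIN_URL)  # failed: back to the login page
```

The model makes the pre-authentication allowlist explicit: every host placed in it is reachable by clients that have not logged in, so it should contain only the external web server and the intended walled garden sites.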
Refer to these documents for more information on web authentication: