cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Web Authentication on WLC (wireless and wired) : complete guide

155353
Views
15
Helpful
32
Comments
Comments
Cisco Employee

I didn't understand the question correctly so then yes I agree with David :-)

Hi, guys.

That is exactly what I meant ... :-)

I have configured a pre-auth acl on this wlan allowing 10.10.10.10 as destination with tcp port any to any, and I

didn't forget to allow the 10.10.10.10 tcp answer packets, too.

But still not working, the site shows up fine when browsed to directly (on a lan, not with redirection .....)

What am I missing, any ideas ???

Participant

Can you share the ACL you created?  Did you apply it as a "preauthentication ACL" on the L3 policy for the WLAN in question?

This is the ACL:

And yes, I applied it as preauth-acl:

Hi, all.

I think I found my logical mistake, please correct me if I am wrong somewhere:

It is the Client, that needs to have connectivity to the external webauth server, not the WLC .... right ???

If so, I need to move the server, because the IP Address that the client gets via DHCP is taken from a different

VRF than the VRF the IP Address of the server is in..... No routing between both VRFs is allowed.

Moving the server to the clients VRF would allow the client to talk to the server and load the redirected login page .....

I will do some testing on that and report the results here....

Beginner

Hi Nicholas,, great summary of all the web auth features using different devices. Quick question on Splash Page Redirect.If you are using the ACS for uinput of redirection ., is the slash page hosted on the ACS Server or is it on the WLC? . Need to be able to customize the page for users and need to know where that page is created. They (corporate users) will be on a BYOD net using EAP-PEAP/WPA2 with AD Group Policy. The redirect is after they login they need to see that page that is created.

Thanks

Reg

Hi  Nicolas,

if we want to modify the success page for showing the remain time of use login. How we do ?

Many Thank.

Cisco Employee

You cannot modify the success page.

Beginner

Hi Nicolas,

I encounter one issue web auth with external AD for user credential. With local account is ok. But if we use AD account to login, it is not successful even though we configure properly. Can help to suggest what cound be the issue?

WLC & AD are working properly with different SSIDs. Now we just want to create new SSID with L3 security web auth.

Thank you so much,

Community Member

Hi Nicholas,

I have an urgent issue going on. the guest users are not getting the webauth page to type their username and password. I have checked almost everything, they are getting correct ip and dns from the pool, even i tried using new guest account with PSK even then they are not able to connect to internet though wireless showing connected.

Also i am not able to traceroute of resolve google.com neither with its ip nor with the name.

Could it be a DNS issue or webauth issue. Its very urgent

Cisco Employee

Urgent problem means you should open a TAC case. Otherwise ask your question on the forum but don't put it as a comment to a document please.

VIP Advocate

The URL to the feature request doesn't work for people without TAC access (or is it even Cisco internal?). Here the URL to the bugtoolkit: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy32145

Beginner

Hi Nicholas,

May i know if its possible to disable the port 80 service on WLC used for user web authentication page.

So currently the user is using http://1.1.1.1 and is redirected to https://1.1.1.1/login, so we want to disable http service on the wlc so that the user gets no service on it, but only in case he directly types https:// the authentication page should open.

Akhtar

Hi Anuj,

I am facing the same probles as u. Guest WLAN is broadcasting, clients are able to recv ip adress but shows limited internet access...Did u solve the issue..Please share ur expereince.

Thanks in advance,

Regards,

taufeeq

Beginner

Dear Nicolas

 

I nee your help i have wireless controller 5508 i want to configer dedicate SSID with deferent vlan i want broadcast only one SSID in each erea

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards