Dhiresh Yadav is a wireless expert working for Cisco's High Touch Technical Support (HTTS) team, a team that provides reactive technical support to the majority of Cisco's premium customers. In this document, Dhiresh explains the configuration steps required for a Web-auth SSID to allow a VPN user to connect without a full web-auth authentication and still not get disconnected every few minutes.
How to configure the Wireless LAN Controller for basic operation and Web-auth.
Cisco 5500 Series WLC that runs firmware Version 184.108.40.206.
Note: The configuration and web-auth explanation provided below apply to all WLC models and any CUWN image equal to or above 220.127.116.11.
In a customer network setup, there is sometimes a requirement to allow VPN users to connect to a Web-auth enabled WLAN without authenticating, that is, without finishing web-authentication. VPN traffic is allowed by a Pre-auth ACL, so VPN users can connect to the web-auth SSID without requiring authentication. The same SSID might also be in use by another set of users who go through normal, full authentication to get Internet access. The problem for the VPN users is that they pick up an IP address but never finish complete authentication while connecting to the VPN, so instead of the session timeout, the Web-auth timeout kicks in and the client is deauthenticated.
This timer is 5 minutes and is fixed up to the 7.6 WLC image, so the low web-auth timeout makes the wireless network nearly unusable for these users. The capability to change this value was added in 8.0. So, as long as the client does not hit the idle timeout, it can access the VPN through the traffic allowed by the Pre-auth ACL, and need not go through web-authentication or face disconnection for a longer period of time.
Configure the WLC
Complete the following configuration in order to configure the WLC for this setup: