Here is a video which explains Web authentication on Wireless lan controllers. This video starts with the basics and then discusses the details of the web authentication process.
If you are using an external web server for web authentication with a Cisco 5500 Series Controller, a Cisco 2100 Series Controller, or a controller network module, you must configure a preauthentication ACL on the WLAN for the external web server.
Normally, no traffic from the user is allowed to pass through the WLC until the client authenticates successfully with the WLC. With pre-authentication ACL, as the name implies, you can allow client traffic to and from a specific IP address even before the client authenticates. This helps to forward the client traffic to the External Web Authentication server (external to the WLC network), which is used to authenticate the user in the web authentication process.
Thanks Rajesh for the slideshow video. The web authentication configuration seems pretty straighforward as you mentioned in the video. But I think it could be helpful to describe the LAN set; router, switch configurations when setting up guest vlans for WIRED guest services as well. I have a situation where I want to deploy a pair of 4404 controllers as a anchor for about 20 remote locations. BUT at the remote locations need wired guest services. I have currently deployed Bluesocket devices at the remote facilities and want to shut them down and run only WLCs. Thanks again and just thought others might want to see more detail like this on the wired setup.
What if you are doing web-passthrough ? Is the ACL still allowing pre-auth clients to access allowed hosts?. I ask because currently we are having an issue were connected clients ( using a web pass-through wlan policy) , if they have the local web page as home , it is not redirecting to the validation web page , unless they open a different web page , then after they click accept , they are able to go to any web site.
Im looking for the "Web Authentication on Cisco Wireless LAN Controllers (WLCs)" video but I cant find it. I only see Rajesh saying "hi" 5 seconds. Can someone please provide me the link of the example video?
Dear All I have a case below: I have an ISE node. EAP certificate is expired so I renewal it and received the certificate from Zone which is using normal for other sites ( Europe, India, America..) But in Vietnam, we met the issue as the picture...
view more
Hello everyone, I have a problem I need to solve with my WLC MAc filtering. I found ton of topics on how to block mac addresses on certain SSID on WLC however I didn't find even one that properly explains how to allow only few mac addresses to connec...
view more
Hi everybody;I have the following question, i just installed and configured WLC controller with 7 AP's, the management interface have the ip address 192.168.10.90. i am able to ping the interface vlan 10 (internally is the management vlan) of switch 1 (19...
view more
I understand that the Cisco WLC has the ability to bridge Bonjour services between subnets. We have an issue with Bonjour services where sometimes clients cannot Airplay to an Apple TV that is on the same subnet as the client (they cannot find the Ap...
view more
Hi We need to purchase 2802i AP's which are enabled to capwap as soon as they are taken out of the box. The company that I work with recently bought AP's that were 2802i with the model number AIR-2802i-E-K9 which we found to be ME by default. Th...
view more
