05-15-2019 03:32 AM - edited 07-05-2021 10:23 AM
Good day
i have a problem which is rather weird. i configured web auth (internal) using lobby account to create passwords for guests. however when i test only phones pass the auth stage and have access to internet. difference now is i have tested 2 laptops thus far redirection takes 10mins to pop up. after i submit credentials there is no internet connection. changed browsers aswell
am using both layer 2 and 3 security
thanks in advance
05-15-2019 05:58 AM
Hi,
Check DNS e proxy on laptos. Keep in mind that this is probably devices problem and not network problem. The main reason problem for web redirect is DNS problem.
Also, try different browsers. Try to open a site with http website instead https.
-If I helped you somehow, please, rate it as useful.-
05-15-2019 07:41 AM
please see below outputs for network summary and debug output
network summary
---------------
(Cisco Controller) >show network summary
RF-Network Name............................. Lea-Wireless
DNS Server IP............................... 0.0.0.0
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode SSL Protocol................ Disable
Web CSRF check.............................. Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Secure Shell (ssh) Cipher-Option High....... Disable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
IPv4 AP Multicast/Broadcast Mode............ Unicast
IPv6 AP Multicast/Broadcast Mode............ Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds
--More-- or (q)uit
MLD query interval.......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Mesh Backhaul RRM........................... Disable
AP Fallback ................................ Enable
AP EasyAdmin ............................... Disable
AP Virtual IP .............................. 0.0.0.0
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Web Auth Secure Web Cipher Option ......... Disable
Web Auth Secure Web Sslv3 ................. Disable
Web Auth Secure Redirection ............... Enable
debug web-auth
---------------
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- bytes parsed = 306
*webauthRedirect: May 15 17:14:59.285: captive-bypass detection disabled, Not checking for wispr in HTTP GET, client mac=94:39:e5:18:f0:73
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Preparing redirect URL according to configured Web-Auth type
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- unable to get the hostName for virtual IP, using virtual IP =192.0.2.1
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Checking custom-web config for WLAN ID:2
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Global status is enabled, checking on web-auth type
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Web-auth type Internal, no further redirection needed. Presenting defualt login page to user
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- http_response_msg_body1 is <HTML><HEAD><TITLE> Web Authentication Redirect</TITLE><META http-equiv="Cache-control" content="no-cache"><META http-equiv="Pragma" content="
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- http_response_msg_body2 is "></HEAD></HTML>
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- parser host is 192.0.2.1
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- parser path is /
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- added redirect=, URL is now https://192.0.2.1/login.html?
d*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- str1 is now https://192.0.2.1/login.html?redirect=192.0.2.1/
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- clen string is Content-Length: 301
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Message to be sent is
HTTP/1.1 200 OK
Location: https://192.0.2.1/login.html?redirect=192.0.2.1/
Content-Type: text/html
Content-Length: 301
<HTML><HEAD><TITLE> W
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- 200 send_data =HTTP/1.1 200 OK
Location: https://192.0.2.1/login.html?redirect=192.0.2.1/
Content-Type: text/html
Content-Length: 301
<HTML><HEAD><TITLE> Web Authe
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- send data length=426
*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Web-auth type External, but unable to get URL
u*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- cleaning up after send
*webauthRedirect: May 15 17:14:59.285: 2335 - 94:39:e5:18:f0:73- closing socket= 99
*emWeb: May 15 17:15:02.245: SSL Connection created for MAC:94:39:e5:18:f0:73
*emWeb: May 15 17:15:02.267:
ewaURLHook: Entering:url=/login.html, virtIp = 192.0.2.1, ssl_connection=1, secureweb=1
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.267: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: No redirect URL configured
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page /login.html
d*emWeb: May 15 17:15:02.268: WLC received client 94:39:e5:18:f0:73 request for Web-Auth page
05-15-2019 10:30 AM
I see something weird. :
"*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Web-auth type Internal,"
"*webauthRedirect: May 15 17:14:59.285: 94:39:e5:18:f0:73- Web-auth type External"
What do you have on SECURITY > Web Auth > Web Login Page ?
-If I helped you somehow, please, rate it as useful.-
05-15-2019 11:22 AM
web authentication type : internal (default)
redirect URL after login: https://www.google.com
see attached: UE can get ips etc,
05-17-2019 06:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide