06-04-2015 01:29 AM
Hello,
I have successfully configured login via a WAP-371 AP, but the Captive Portal welcome page only shows if I enter the IP of the WAP.
Otherwise the browser request times out and the standard error page is shown.
I suppose the CP shall open whenever an http/https address is entered via any browser the first time a client joins the WiFi / its MAC is unknown.
I did not get any helpful information out of the admin guide or the forums so far.
Regards,
Thorsten Scheller
06-15-2015 08:14 AM
My name is Eric Moyers. I am an Engineer in the Small Business Support Center.
I am sorry to hear that you are experiencing this issue. I have set many portals up and have not seen this particular issue.
The quickest way to troubleshoot this would be to call in and open a case with one of our answering Engineers. They can then go over your configuration with you.
If you prefer to do this through the support forums, could you send me a screen capture of all of your Captive Portal setup pages? Once you have those, you can email them to me by putting your mouse over my picture; that will reveal my email address and I can go over them for you.
If this does not improve your issue, please call our support center and open a case so that one of our engineers can work directly with you.
http://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
Eric Moyers
.:|:.:|:. CISCO | Cisco Presales Technical Support | Wireless Subject Matter Expert
Please rate helpful Posts and Let others know when your Question has been answered.
06-23-2015 11:14 PM
Hello Mr. Moyers,
I think the quickest way will be to open a call for Cisco support (hope I can find the right option on the page).
Also, I did not figure out how to change the authentication method from the Captive Portal (always EAP/MD5, which is incompatible with our Windows AD/NTLM).
I will post answers if i get some.
Regards,
Thorsten Scheller
06-23-2015 11:47 PM
Ok, I'd better mail my issues to you.
Regards,
Thorsten Scheller
06-24-2015 07:28 AM
I have your email, I will send you a response within 24 hours.
Eric Moyers
07-03-2015 06:25 AM
Hello,
I've solved the issue of auto-connect to the CP site (the DHCP server had to hand out a working DNS server entry).
Nevertheless, the fact remains, and has not been investigated further by the Cisco Support team, that the AP only sends EAP-Messages via the MD5 method for authentication.
The Handbook said that the RADIUS server has to be able to use EAP/MSCHAPv2, PEAP or others, but even if I configure the RADIUS server to use any other method, the WAP-371 replies with an EAP/NAK for MD5.
I hope you can figure out more to change this behavior to that proclaimed in the WAP's Admin Guide.
Regards,
Thorsten
---------------------------------------------------------------------------------
rad_recv: Access-Request packet from host ***WAP-IP*** port 42088, id=12, length=65
User-Name = "TEST"
NAS-IP-Address = ***WAP-IP***
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x0200000…
Message-Authenticator = 0xa54d08ed211c057…
+- entering group authorize {...}
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 12 to ***WAP-IP*** port 42088
EAP-Message = 0x010100…
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfcb62cf6fcb7354985…
Finished request 0.
rad_recv: Access-Request packet from host ***WAP-IP*** port 42088, id=13, length=81
User-Name = "TEST"
NAS-IP-Address = ***WAP-IP***
NAS-Port-Type = Wireless-802.11
State = 0xfcb62cf6fcb73549…
EAP-Message = 0x020100060304
Message-Authenticator = 0x73f7ea576782a…
+- entering group authorize {...}
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP NAK
[eap] EAP-NAK asked for EAP-Type/md5
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 13 to ***WAP-IP*** port 42088
EAP-Message = 0x0102001604103c18ed6657c1…
Message-Authenticator = 0x00000000000000000000000000000000
State = 0xfcb62cf6fdb428498540b…
Finished request 1.
rad_recv: Access-Request packet from host ***WAP-IP*** port 42088, id=14, length=97
User-Name = "TEST"
NAS-IP-Address = ***WAP-IP***
NAS-Port-Type = Wireless-802.11
State = 0xfcb62cf6fdb428498540b5…
EAP-Message = 0x020200160410da0f17542…
Message-Authenticator = 0xc77ab30ba230af…
+- entering group authorize {...}
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication
[eap] Handler failed in EAP/md5
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [TEST] (from client WAP-371 port 0)
Using Post-Auth-Type Reject
…
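The EAP-Message values in the log above can be decoded by hand to confirm what the AP is asking for. The following is an added example, not part of the original posts or of any Cisco or FreeRADIUS code; the function names are hypothetical and the method numbers are taken from the IANA EAP registry. Values the post cut off with "…" are decoded only as far as the bytes shown.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# Method numbers from the IANA EAP registry (RFC 3748 defines 1-6).
EAP_TYPES = {1: "Identity", 3: "Nak", 4: "MD5-Challenge", 13: "EAP-TLS",
             21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}

# EAP-Message lines copied from the debug log in the post, in order.
LOG = """\
EAP-Message = 0x0200000…
EAP-Message = 0x010100…
EAP-Message = 0x020100060304
EAP-Message = 0x0102001604103c18ed6657c1…
EAP-Message = 0x020200160410da0f17542…
"""

def type_name(t):
    return EAP_TYPES.get(t, "type %d" % t)

def decode_eap(value):
    """Decode one EAP-Message value; a trailing ellipsis marks a cut-off dump."""
    m = re.fullmatch(r"0x([0-9a-fA-F]*)(…|\.\.\.)?", value.strip())
    if not m:
        raise ValueError("not a hex EAP-Message: %r" % value)
    digits, cut = m.group(1), bool(m.group(2))
    if len(digits) % 2:
        if not cut:
            raise ValueError("odd number of hex digits")
        digits = digits[:-1]            # drop the half byte left by the cut
    data = bytes.fromhex(digits)
    out = {"truncated": cut}
    if len(data) >= 2:
        out["code"] = EAP_CODES.get(data[0], "code %d" % data[0])
        out["id"] = data[1]
    if len(data) >= 4:
        out["length"] = int.from_bytes(data[2:4], "big")
        if not cut and out["length"] != len(data):
            raise ValueError("length field does not match payload")
    if len(data) >= 5 and data[0] in (1, 2):   # only Request/Response carry a type
        out["type"] = type_name(data[4])
        if data[0] == 2 and data[4] == 3:      # Nak: list of acceptable methods
            out["wants"] = [type_name(t) for t in data[5:out["length"]]]
    return out

def eap_trace(log):
    """Decode every EAP-Message attribute found in a debug log, in order."""
    found = re.findall(r"EAP-Message = (\S+)", log)
    return [decode_eap(v) for v in found]
```

The third entry of `eap_trace(LOG)` is the only complete message in the post: a Response with id 1 whose type is Nak and whose single acceptable method is MD5-Challenge, matching the `[eap] EAP-NAK asked for EAP-Type/md5` line.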
07-13-2015 09:07 AM
Hello Mr. Scheller,
I apologize for the delay, I was on vacation for the past week.
There is no configuration available on the WAP to change its function in regards to MD5. I understand that the Admin Guide mentions that the Radius server has to be able to support PEAP and MSCHAPv2 for wireless clients.
The outer tunnel from the WAP to the Radius Server in all of our Small Business products uses MD5. The inner tunnel, which is between the Radius server and the Client, will be whatever is configured on the Server.
If you would like to request that the outer tunnel use something other than MD5, a feature request would have to be placed. If you would like to pursue that, you would have to call in and open a feature case to be escalated and considered.
Eric Moyers