9800 Webauth local and remote authentication issues.

Dylan Hyndman

Hello,

I've recently migrated from a 5508 to a 9800 WLC (17.3.4c code). I've done this mostly using the config conversion wizard that is available, and so far the migration has gone well. However, I am getting stuck with some authentication with webauth.

 

I'm using the webauth bundle to present the login page from the WLC.

When a user authenticates, the authentication request is passed to our Windows NPS service, which processes the user nicely if it exists, which is all good. The problem I have is that I can't also get it to authenticate local guest users, i.e. guest accounts created by the lobby account. I can see the requests hitting our NPS service and failing as they only exist locally.

 

On the 5508 WLC, for webauth under Security and AAA servers there is the option "Authentication priority order for web-auth user", which allows you to specify the order for authentication, i.e. Local, Radius, LDAP. I don't seem to be able to find a similar feature on the 9800.

 

I've obviously spent a bit of time searching for an answer to this and have found guides for setting up either local or remote authentication, but nothing explaining how to combine any solution for local, then remote auth.

 

Has anyone got a solution for this?

 

Thanks

D

2 Accepted Solutions

Hi

Look at this link:

 

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213923-configure-a-web-authentication-ssid-on-c.html 

You can search for:

"Navigate to Configuration > Security > AAA > AAA Method List > Authentication and Add a Login Authentication method."

 

You can also use the CLI:

# configure terminal
# aaa new-model
# aaa authentication login <login-local-name> local

Dylan Hyndman

Hi Flavio,

Thank you, that has put me on the right path. I needed to set the AAA authentication group as Type login, Group type local, but also add in my NPS servers.

 

WLAN > Security > L3 > Authentication List > <Auth Group>

Config > Security > AAA Method List > Authentication > <Auth Group>

Auth Group config:

 Type: Login

 Group Type: Local

 Assigned Servers: <My NPS Servers>

 

I had been using group type: group with my NPS servers!!

 

Thanks again Flavio
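
The fix described in this thread, written out as IOS-XE CLI (an added example, not taken from either post; the names WEBAUTH-LIST, NPS-GROUP, NPS1 and GUEST-WLAN, the 192.0.2.10 address and the shared secret are placeholders). A method list moves on to its next method only when the current one cannot answer, so with a RADIUS-only list the NPS reject for a lobby-created guest is final; with "local" first, a username that is not in the local database falls through to the server group.

```cisco
! Added example. All names, the address and the key are placeholders.
aaa new-model
!
! RADIUS server object for the Windows NPS host
radius server NPS1
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <shared-secret>
!
! Server group referenced by the method list
aaa group server radius NPS-GROUP
 server name NPS1
!
! Before (GUI: Type "login", Group Type "group"):
! every web-auth login goes to NPS. Lobby-created guest accounts exist
! only on the WLC, NPS answers Access-Reject, and the login fails.
!   aaa authentication login WEBAUTH-LIST group NPS-GROUP
!
! After (GUI: Type "login", Group Type "local", Assigned Servers = NPS group):
! the local database is consulted first; usernames not found locally
! are then sent to NPS-GROUP.
aaa authentication login WEBAUTH-LIST local group NPS-GROUP
!
! Caveat: a username that exists locally is decided locally. A wrong
! password for that name is a failure and is not retried against NPS,
! so keep guest usernames distinct from directory usernames.
!
! Bind the list to the web-auth WLAN
! (GUI: WLAN > Security > L3 > Authentication List)
wlan GUEST-WLAN 1 GUEST-WLAN
 security web-auth
 security web-auth authentication-list WEBAUTH-LIST
!
! Check the resulting method order from exec mode:
!   show aaa method-lists authentication
```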