cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
495
Views
40
Helpful
10
Replies
Dhikra Marghli
Enthusiast

authentication guest wlan  with home page

Hello

 

I have a WLC cisco  with 15 AP 1815i .

 

I want "sotetel" website    as a home page    for guest wlan     after login and password   authentication 

 

when a guest connects on the internet


first, you have to authenticate, after he finds the home page sotetel website, so he can access the internet

 

so  what are the steps  that i can configure WLC cisco for guest wlan !!!??

 

i  wait a reply from expert wirless cisco and answer !!

 

thanks in advance 

3 ACCEPTED SOLUTIONS

Accepted Solutions
Sandeep Choudhary
VIP Mentor

do you use cisco ISE ?

you can Implement LWA or CWA.

please go through this document:

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

 

Regards

Dont forget to rate helpful posts

View solution in original post

you can use either one. Depends on yuor Situation. If you have more then  one WLC then use option 1.

View solution in original post

10 REPLIES 10
Sandeep Choudhary
VIP Mentor

do you use cisco ISE ?

you can Implement LWA or CWA.

please go through this document:

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

 

Regards

Dont forget to rate helpful posts

View solution in original post

Thanks Sanddep

i used wlc guest web authentication  .. authfication web via LWC work fine with navigator Mozilla Firefox

but it is not work with chrome !!

so   i need authenfciation web work with chrome !!

so what is the problem  in navigator chrome  or what is parmater in navigator chrom that allow authfication web work chrome !!

i wait a reply and answer 

thanks in adv

Two issues, the main is, you use a reserved IP address (2.2.2.2) instead of a private address. Change it to 192.168.x.x or similar.

With a redirect to an IP address, you can't use a correctly signed certificate. 

Chrome version 58 and later does not trust the Common Name of the certificate alone and requires Subject Alternate Name, so you will need to install a cert with SAN from trusted third party CA so Chrome users/guests can access the page. You will need to use openssl for this process to generate the CSR, for all details check:

https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html

the one thing that is not listed in that doc: you need to make sure to use the same name you want to use as a (Common Name CN and as Subject Alternate Name SAN) or to be more specific, the SAN is what you need to focus on for what name you will use, meaning, if you will request from the 3rd party CA to use only one SAN then make this same as the CN.

I use  Internal (Local) WebAuth Work with an Internal Page  via WLC cisco 

 

so guest wlan can authenticate via navigator mozilla firefox but he can't authticate via chrome navigator !!

 

 

my question : how i can allow guest wlan authenticate via chrome navigator  !!?? 

 

so i need steps on navigator chrome that allow authentification web local via WLC cisco !!

 

i wait a reply and answer from expert wireless !!

thanks in advance

 

 

I need to know  GENERATE CSR  with option A or option B !!!  ??? for authfication web by   wlc  for guest wlan !!

 

generate CSR :

option A: CSR with open SSL

option B: CSR generated by WLC

 

please i need  and i wait a reply and a help 

 

thanks 

you can use either one. Depends on yuor Situation. If you have more then  one WLC then use option 1.

View solution in original post

I have only one wlc  so i use the option B !!!

 

if i use the option B : Generate a CSR by WLC then  what is the command that i can configue in WLC !!!

 

thanks 

I can assure you this will not work if you generate the CSR from the WLC because the WLC will not generate a CSR with SAN, so either you need to add the SAN when requesting the cert from the CA (some 3rd party CAs allow that) or use the OpenSSL to generate the CSR.
Content for Community-Ad

This widget could not be displayed.