C5760 - Webauth - where do I set the hostname for the virtual IP address ?

Thomas Obbekaer Thomsen · ‎10-21-2013

Hi all

We are trying to configure a C5760 for webauth, but cannot find the place to set the hostname for the Virtual IP address ?

As far as we can see there is no mention of this in the configuration guide as well.

What should we do ?

/Thomas

aqjaved · ‎10-22-2013

Web authentication is a Layer 3 security feature that causes the controller to not allow IP traffic, except DHCP-related packets/ DNS-related packets, from a particular client until that client has correctly supplied a valid username and password with an exception of traffic allowed through Pre-Auth ACL. Web authentication is the only security policy that allows the client to get an IP address before Authentication. It is a simple Authentication method without the need for a supplicant or client utility. Web authentication can be done either locally on a WLC or over a RADIUS server. Web authentication is typically used by customers who want to deploy a guest-access network.

Please Check the below link for configurations:

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080a38c11.shtml

ankbhasi · ‎10-22-2013

Hi Thomas,

Which release you are running on 5760? This is supported in latest releases posted on CCO.

This configuration is present only in global parameter map.

Switch(config)#parameter-map type webauth global

Switch(config-params-parameter-map)#virtual-ip ipv4 1.1.1.1 ?

virtual-host Virtual host name

Switch(config-params-parameter-map)#virtual-ip ipv4 1.1.1.1 virtual-host

Regards,

Ankur

Message was edited by: Ankur Bhasin

Thomas Obbekaer Thomsen · ‎10-22-2013

Hi Ankur

I will try to install the newest version thank you.

Do you know if there is a bugID for this or is it just a "new feature" that is not mentioned in the releasenotes ?

/Thomas

Jerome Henry · ‎10-22-2013

Hi Thomas,

Have you tried:

5760-T(config-params-parameter-map)#virtual-ip ipv4 192.0.2.1 virtual-host mywlc.example.com

Jerome

Thomas Obbekaer Thomsen · ‎10-22-2013

I dont think the "complete" command is avalible in the version we are running.

But I will try to upgrade as Ankur sugested and see what happens.

/Thomas

Abhishek Abhishek · ‎10-22-2013

You need to upgrade to the latest verion if the command does not exist.

Orla Larsen · ‎10-23-2013

I am working on this with Thomas. We are now running 03.03.00SE - the latest version to my knowledge. The command Jerome suggested does not exist. Also typing it "blind" is not possible.

Your help is much appreciated.

hudcw5760_1(config-params-parameter-map)#virtual-ip ipv4 1.1.1.1 virtual-host guest-wlc.x.x

^

% Invalid input detected at '^' marker.

hudcw5760_1(config-params-parameter-map)#?

pre parameter-map params commands:

banner Banner file or text

consent consent parameters

custom-page custom-page - login, expired, success or failure page

exit Exit from parameter-map params configuration mode

logout-window-disabled Webauth logout window disable

max-http-conns Maximum number of HTTP connections per client

no Negate a command or set its defaults

redirect redirect url

timeout timeout for the webauth session

type type - web-auth, consent or both

Orla Larsen · ‎10-23-2013

I did some more reseach and found, that the command Jerome provided can only be applied to the global parameter map.

"parameter-map type webauth global"

If this is by design, I cannot tell.

Furthermore I can let you know, that the virtual-host vaulue in the GUI appearently can hold only 15 caracters. In the CLI I could type our fqdn with 23 caracters.

Thanks for your input - we will go on testing later this week.