Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1591
Views
0
Helpful
9
Replies

Cisco 2504 Controller webauth login.html failed on windows

Go to solution
trakimanhminh
Level 1
Level 1

‎07-08-2020 05:17 AM - edited ‎07-05-2021 12:15 PM

Hi everyone,

 

I meet an issue about Cisco 2504 web authentication with firmware: 8.5.140. Here is the configuration:


DNS Server IP............................... 8.8.8.8
Web Mode.................................... Enable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode SSL Protocol................ Disable
Web CSRF check.............................. Enable

IPv4 AP Multicast/Broadcast Mode............ Multicast Address : 239.0.0.0
IPv6 AP Multicast/Broadcast Mode............ Multicast Address : ::
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
MLD snooping................................ Disabled
MLD timeout................................. 60 seconds


Mgmt Via Wireless Interface................. Enable
Mgmt Via Dynamic Interface.................. Disable
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Mesh Backhaul RRM........................... Disable
AP Fallback ................................ Enable
AP EasyAdmin ............................... Disable
AP Virtual IP .............................. 0.0.0.0
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Web Auth Captive-Bypass .................. Disable
Web Auth Secure Web ....................... Enable
Web Auth Secure Web Cipher Option ......... Disable
Web Auth Secure Web Sslv3 ................. Disable
Web Auth Secure Redirection ............... Disable
IP/MAC Addr Binding Check .................. Enabled
Link Local Bridging Status ................. Disabled
CCX-lite status ............................ Disable
oeap-600 dual-rlan-ports ................... Disable
oeap local-network ......................... Enable
oeap-600 Split Tunneling (Printers)......... Disable
WebPortal Online Client .................... 0
WebPortal NTF_LOGOUT Client ................ 0
mDNS snooping............................... Disabled
mDNS Query Interval......................... 15 minutes
Web Color Theme............................. Default
Capwap Prefer Mode.......................... IPv4
Network Profile............................. Disabled
Client ip conflict detection (DHCP) ........ Disabled
Mesh BH RRM ................................ Disable
Mesh Aggressive DCA......................... Disable
Mesh Auto RF................................ Disable
HTTP Profiling Port......................... 80
HTTP-Proxy Ip Address....................... 0.0.0.0
HTTP-Proxy Port............................. 80
WGB Client Forced L2 Roam................... Disabled

 

The IP Virtual is: 192.0.2.1, DNS Hostname is blank.

Layer2 Security: None

Layer 3 Security: Web Policy, Passthrough

 

The problem is web authentication work perfectly on Apple device, but not succeed on Windows.

 

Can anyone suggest me how to solve this trouble?

 

Thanks a lot!

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
trakimanhminh
Level 1
Level 1
In response to trakimanhminh

‎07-08-2020 09:51 AM

At last, my problem is solved. It is caused by Chrome Browser. I change to Microsoft Edge, and the login page appear.
Further more, can anyone tell me how to solve this problem on Google Chrome?

View solution in original post

0 Helpful

Go to solution
Rich R
VIP
VIP
In response to trakimanhminh

‎07-08-2020 11:15 AM

> can anyone tell me how to solve this problem on Google Chrome?
Well you need to answer the questions people have already asked you and/or provide the screenshots requested.
As Pat suggested this could be a certificate problem.
Have you installed a proper certificate on the WLC which can be verified/trusted by Chrome?
Also www.gstatic.com/generate_204 is the Google/Chrome captive portal detection URL and if you actually get redirected to that after login it might seem like nothing happened but all that URL does is deliver a 204 response with a blank page.
------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Rich R
VIP
VIP

‎07-08-2020 06:44 AM

"but not succeed on Windows" - what do you mean?
What doesn't succeed?
What debugging have you done?
Have you got a packet capture?
------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Go to solution
trakimanhminh
Level 1
Level 1
In response to Rich R

‎07-08-2020 07:42 AM

When I connect to the SSID, it appears the link:


https://192.0.2.1/fs/customwebauth/login.html?switch_url=https://192.0.2.1/login.html&ap_mac=70:b3:17:96:50:60&client_mac=d4:3b:04:78:4a:8d&wlan=Test&redirect=www.gstatic.com/generate_204

 

Picture is attached. I have tried to turn the firewall off, but it's no use. Otherwise, it works perfectly on Iphone and Android.

 

"What debugging have you done?"      What command should I use to get the information? I check the message logs, but it seems to show nothing.

 

Thanks in advance!

Best regards

M.

 

 

 

 

Preview file
95 KB
0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to trakimanhminh

‎07-08-2020 07:57 AM

And what happens if you click on Connect in the image you've attached?
Please also include the URL bar in the next image, I'm curious if the browser trusts the certificate (I guess it doesn't).
0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎07-08-2020 07:30 AM

And most important, do you get an error message on the client?
What happens if you browse directly to the guest portal IP in the browser?
0 Helpful

Go to solution
trakimanhminh
Level 1
Level 1
In response to patoberli

‎07-08-2020 08:36 AM

When I press connect, there's nothing happen! Also, I don't receive any error message from client.

I have try http (or) https:// 192.0.2.1/login.html, but look like can't connect. Always the picture like above appears.

 

0 Helpful

Go to solution
trakimanhminh
Level 1
Level 1
In response to trakimanhminh

‎07-08-2020 09:51 AM

At last, my problem is solved. It is caused by Chrome Browser. I change to Microsoft Edge, and the login page appear.
Further more, can anyone tell me how to solve this problem on Google Chrome?
0 Helpful

Go to solution
marce1000
VIP
VIP
In response to trakimanhminh

‎07-08-2020 09:56 AM

 

 - For starters clear your cache and all cookies.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

Go to solution
Rich R
VIP
VIP
In response to trakimanhminh

‎07-08-2020 11:15 AM

> can anyone tell me how to solve this problem on Google Chrome?
Well you need to answer the questions people have already asked you and/or provide the screenshots requested.
As Pat suggested this could be a certificate problem.
Have you installed a proper certificate on the WLC which can be verified/trusted by Chrome?
Also www.gstatic.com/generate_204 is the Google/Chrome captive portal detection URL and if you actually get redirected to that after login it might seem like nothing happened but all that URL does is deliver a 204 response with a blank page.
------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.190.0, latest 9800 releases, 8.5.182.11 (8.5 mainline) and 8.5.182.108 (8.5 IRCM)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Go to solution
trakimanhminh
Level 1
Level 1
In response to Rich R

‎07-11-2020 04:14 AM

Yes, I haven't installed the trusted certificate which is verified by Chrome. And that's my problem.

Besides, I am choosing to disable https because it maybe convenience to me. The web authentication works with all browser without any trouble now!

Here is the command:
(WLC)> config network web-auth https-redirect disable
After that, reboot the controller to get this command to work.

Thanks all for helping me to solve this trouble!
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card