Solved: Cisco WLC 2504 Configuration

sundesa1977 · ‎10-05-2015

Dear All,

It would be highly appreciative if someone can help in providing a configuration video or a document with Cisco WLC 2504 configuration from the scratch.

I've configured and its working fine with Active Directory and Guest users. But having problem in https://1.1.1.1. This gives certificate error. Whereas I've also downloaded the DigiCert certificates (Server / Intermediate / Root) in pem file to WLC.

Thanks in well advance.

Regards

Faisal

Thomas Johnston · ‎10-05-2015

How to Cause the Certificate to Match the URL

The WebAuth URL is set to 1.1.1.1 in order to authenticate yourself and the certificate is issued (this is the CN field of the WLC certificate). If you want to change the WebAuth URL to 'myWLC.com', for example, go into the virtual interface configuration (the 1.1.1.1 interface) and there you can enter a virtual DNS hostname, such as myWLC.com. This replaces the 1.1.1.1 in your URL bar. This name must also be resolvable. The sniffer trace shows how it all works, but when WLC sends the login page, WLC shows the myWLC.com address, and the client resolves this name with their DNS. This name should resolve as 1.1.1.1. This means that if you also use a name for the management of the WLC, you should use a different name for WebAuth. In other words, if you use myWLC.com mapped to the WLC management IP address, you must use a different name for the WebAuth, such as myWLCwebauth.com.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html

View solution in original post

Prakash Parvathala · ‎10-07-2015

It would be highly appreciative if someone can help in providing a configuration video or a document with Cisco WLC 2504 configuration from the scratch.

Here you can go with the below links for deploy and configuration guides for WLC 2504

http://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034-2500-deploy-guide-00.html

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_controller_setting.html

For the Web authentication issue:

Please look into the below community post which may help you

https://supportforums.cisco.com/discussion/12074046/help-certificates-2504-wlc

View solution in original post

Thomas Johnston · ‎10-05-2015

How to Cause the Certificate to Match the URL

The WebAuth URL is set to 1.1.1.1 in order to authenticate yourself and the certificate is issued (this is the CN field of the WLC certificate). If you want to change the WebAuth URL to 'myWLC.com', for example, go into the virtual interface configuration (the 1.1.1.1 interface) and there you can enter a virtual DNS hostname, such as myWLC.com. This replaces the 1.1.1.1 in your URL bar. This name must also be resolvable. The sniffer trace shows how it all works, but when WLC sends the login page, WLC shows the myWLC.com address, and the client resolves this name with their DNS. This name should resolve as 1.1.1.1. This means that if you also use a name for the management of the WLC, you should use a different name for WebAuth. In other words, if you use myWLC.com mapped to the WLC management IP address, you must use a different name for the WebAuth, such as myWLCwebauth.com.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html

Prakash Parvathala · ‎10-07-2015

It would be highly appreciative if someone can help in providing a configuration video or a document with Cisco WLC 2504 configuration from the scratch.

Here you can go with the below links for deploy and configuration guides for WLC 2504

http://www.cisco.com/c/en/us/support/docs/wireless/2500-series-wireless-controllers/113034-2500-deploy-guide-00.html

http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0MR1/configuration/guide/wlc_cg70MR1/cg_controller_setting.html

For the Web authentication issue:

Please look into the below community post which may help you

https://supportforums.cisco.com/discussion/12074046/help-certificates-2504-wlc

sundesa1977 · ‎10-07-2015

Thanks Parkash,

Very helpful links. I will go through these and will fine tune my WLC :) (Y)

Regards.

sundesa1977 · ‎10-26-2015

Dear Parkash,

All of a sudden the Cisco WLC has stopped authenticating the new users in Activedirectory, but for the ones who were added earlier are still able to log in, using their Windows username and password.

I've recently added few users to the group WiFi Users in AD and they are getting the error.

Password Combination is invalid. Whereas they are able to log in through wired connection.

The Event ID in AD is 6273 with Reason Code 16 and 23.

Could you please help in this regard.

Thanks in well Advance.