I was playing with ISG today, and everything seems to be working, so now I decided to get rid of the CSR 1000v router in my topology and do all the fancy redirection and services right at the vWLC (running 18.104.22.168 version of code). Please note, no ISE here.
What I got to work so far:
Client connects to the SSID and gets the IP via DHCP.
When the client connects, it triggers a RADIUS auth request to the RADIUS (FreeRADIUS) server, which matches this request by NAS-Identifier and responds with url-redirect and url-redirect-acl.
These redirect-related pairs are applied to the client session (I can see it on WLC).
Now if the client opens any web page, WLC intercepts the request and redirects the user to the portal to input his credentials.
So far so good.
Now, if I understand everything correctly, after the client inputs his username and password, the portal needs to send a CoA message to the WLC with the username and password, which must be checked against the user database on the RADIUS server (please correct me if I am wrong).
My CoA consists of the following pairs:
The CoA message sent by the portal hits the WLC and the WLC answers with an ACK. The WLC then queries the RADIUS server, but the request that is sent to the RADIUS server is basically a copy of the initial request, which was sent at the very beginning. I cannot see the username or password that I've included in the CoA; the username and password are still the user's MAC address.
What am I doing wrong? How can I differentiate between initial session authentication and actual client authentication with credentials sent by the portal?
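For checking a capture of the exchange described in the post, the following added example (not part of the original post) encodes and parses RADIUS attributes, pulls the url-redirect and url-redirect-acl Cisco AV pairs out of an Access-Accept, and flags requests whose User-Name is just the client MAC. The packets, the portal URL, the ACL name and the NAS-Identifier value are constructed, and the MAC check is a heuristic assumption, not WLC behaviour taken from the post.

```python
import re
import struct

# Added example: attribute numbers are from RFC 2865; 9 is Cisco's vendor id,
# sub-type 1 is the cisco-avpair string. All sample values are constructed.
USER_NAME, VSA, CALLING_STATION_ID, NAS_IDENTIFIER = 1, 26, 31, 32
CISCO, AVPAIR = 9, 1

def attr(kind: int, value: bytes) -> bytes:
    return bytes([kind, len(value) + 2]) + value

def cisco_avpair(text: str) -> bytes:
    data = text.encode()
    return attr(VSA, struct.pack("!I", CISCO) + bytes([AVPAIR, len(data) + 2]) + data)

def build_packet(code: int, ident: int, attrs: bytes) -> bytes:
    # Authenticator zeroed: this sketch only covers attribute encoding.
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs

def parse_packet(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("short RADIUS packet")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad RADIUS length")
    out = {"code": code, "id": ident, "attrs": {}, "avpairs": {}}
    pos = 20
    while pos < length:
        if pos + 2 > length or pkt[pos + 1] < 2 or pos + pkt[pos + 1] > length:
            raise ValueError("bad attribute length")
        kind, value = pkt[pos], pkt[pos + 2:pos + pkt[pos + 1]]
        pos += pkt[pos + 1]
        if (kind == VSA and len(value) >= 6 and value[:4] == struct.pack("!I", CISCO)
                and value[4] == AVPAIR and 2 <= value[5] <= len(value) - 4):
            name, _, val = value[6:4 + value[5]].decode().partition("=")
            out["avpairs"][name] = val
        else:
            out["attrs"][kind] = value.decode(errors="replace")
    return out

def mac_key(text: str):
    digits = re.sub(r"[-:.]", "", text.lower())
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_mac_auth(parsed: dict) -> bool:
    # Heuristic (assumption): MAC-based requests carry the client MAC as User-Name.
    user = mac_key(parsed["attrs"].get(USER_NAME, ""))
    return user is not None and user == mac_key(parsed["attrs"].get(CALLING_STATION_ID, ""))

REQUEST = build_packet(1, 7, attr(USER_NAME, b"aabbccddeeff")
    + attr(CALLING_STATION_ID, b"aa-bb-cc-dd-ee-ff") + attr(NAS_IDENTIFIER, b"guest-ssid"))
ACCEPT = build_packet(2, 7, cisco_avpair("url-redirect=https://portal.example/login")
    + cisco_avpair("url-redirect-acl=REDIRECT"))
```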