
H-Reap PreAuthentication ACL

zahir_zahir
Level 1

Hi.

I have a few APs working in H-REAP mode with local switching. I have a Guest WLAN, and after connecting to that WLAN the client must accept security regulations. The problem is that on the WLC under Security -> Web Auth -> Web login page I put text saying:

"Read a regulation form and click accept", and there is a button created in HTML:

<input type="button" value="Click to read" onclick="window.open('http://192.168.1.100')">

When the client clicks the button, the page cannot be loaded, and I guess it is because the AP blocks any kind of traffic until you choose the Accept button (except DNS traffic). That's why I'm using a PreAuthentication ACL which permits traffic to 192.168.1.100 - it does work for an AP not being in H-REAP mode, but for H-REAP it doesn't work.

What I found in Cisco documentation is:

If you have configured a locally switched WLAN, then Access Control Lists (ACLs) do not work and are not supported. On a centrally switched WLAN, ACLs are supported.

Is that statement related to the preauthentication ACL as well? Is there some workaround for that problem?

Thanks in advance!

5 Replies

Saravanan Lakshmanan
Cisco Employee

What's the WLC code and server (ISE/NAC/ACS) used?

WLC 5508 - Software Version 7.0.116.0

As the described network is for the guests, there is no authentication server like ACS, just L3 security - web auth.

Try to allow any any and see if it works... If it does, then look at your ACLs, because you might need to add additional entries.

-Scott

Strange thing. When I set my ACL to permit any any, I am not redirected to the local auth page on my WLC after putting some address in the web browser. What's worse, the web page which I am trying to reach doesn't show up either. I have no idea what is going on.

What can block that kind of traffic?

Any help would be useful!

I cannot find any information about the pre-auth ACL saying how it works. Every document says that it should be used for an external web auth server.

Saravanan Lakshmanan
Cisco Employee

You don't need a preauth ACL if the internal page from the WLC is used for H-REAP local switching.