cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
990
Views
0
Helpful
7
Replies

I have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)

game123
Level 1
Level 1

Hi team,

I  have multiple SSID, but want users of a single SSID to be redirected to a HTTP or HTTPS URL (LAN SERVER for authentication)

I am very curious and it is important. I want to see how to achieve this with CISCO WLC !!!

7 Replies 7

Scott Fella
Hall of Fame
Hall of Fame

You can redirect users to an external server for authentication.  Here is a guide that explains it:

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/71881-ext-web-auth-wlc.html

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Well, how to restrict users of a particular SSID only to go to 3rd party web authentication page (and just proceed from there ) to whatever happens next..............................

I do not want this to happen to other SSID (except only a particular SSID)

all user accounts for authentication is created on a web server created to be used once user selects that particular SSID !!!

advice pls.

The link Scott gave you has the WLAN configuration under :

Configure the WLAN for Guest Users Section

You have to tell the WLAN to use WebAuth for it to work

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Sandeep Choudhary
VIP Alumni
VIP Alumni

HI,

Here are the two ways:

1. You can do that from under WLAN cofnig -> Security -> Layer 3. for external servers only, not for the internal page.

**** It can only be used for external servers but cannot be used for the internal server authentication.

see the screenshot:

tets.jpg

2. you can do a per WLAN redirect, but you have to do custome pages for each WLAN.  You can specify the redirect URL in the HTML configuration.

example:

if(urlStr.length > 0){

      redirectUrl += urlStr;

      if(redirectUrl.length > 255)

         redirectUrl = redirectUrl.substring(0,255);

     document.forms[0].redirect_url.value = redirectUrl;

Changed the urlStr variable to my redirect URL (i.e., redirectUrl += "http://www.google.com

Regards

Dont forget to rate helpful posts

Thanks for the input  well , when I did all above steps I am getting URL formation something like below :

http://10.229.3.99/?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:...

Where what i want is simply "if someone access the WLAN "E"  they should be first redirected to 10.229.3.99 and then once authenticated by 10.229.3.99 should be allowed to use internet.  Pls note that on 10.229.3.99 there is an authentication server !!!

Advice required.

regards,

http://10.229.3.99/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1.1/login.html&ap_mac=e8:40:40:ad:cc:80&wlan=MO-GUEST&redirect=/login.html?switch_url=https://1.1.1...

I wanted if someone connects to WLAN "MO-GUEST" automatically the user should be redirected to http://10.229.3.99/login.html and once authenticated by 10.229.3.99 , he/she should be allowed to access anything as normal. [ actually i just want automatic url redirection for the first time for the user of wlan "MO-GUEST"

waiting expert opinions.

Scott Fella
Hall of Fame
Hall of Fame

The problem you have is... How many different webauths page do you have? Typically only guest would be redirected, your internal users would authenticate using a layer 2 encryption method and maybe a layer 3 to a radius server.

Your external server can't authenticate the users as the users must either be on the WLC local net user or local user on a radius or AD.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
Review Cisco Networking for a $25 gift card