11-21-2012 05:17 AM - edited 07-03-2021 11:05 PM
Our wireless controller needs to be setup in below requirements:-
1. 5 local users with username and password who will be accessing the same ssid, how do we achieve and test this?
2. there is some Local Net users option under Security tab, however i am not certain how does it work, please suggest
3. is there any other way where these 5 local users will receive a web page when they try to access the wireless and will be prompted for authentication?
how will this web page ( if possible ) pop up to users , what is the mechanism involved?
thanks in advance for everyone's input!
Solved! Go to Solution.
11-21-2012 05:30 AM
1.) You need to create the users under Local Net Users. You can even specifiy what WLAN they can login to
2.) see above
3.) You would need to use WebAuth when you configure the WLAN. WebAuth is what will give you the splash page that the users can login to.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
11-21-2012 05:30 AM
1.) You need to create the users under Local Net Users. You can even specifiy what WLAN they can login to
2.) see above
3.) You would need to use WebAuth when you configure the WLAN. WebAuth is what will give you the splash page that the users can login to.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
11-21-2012 05:37 AM
Thanks.
1. after the users are created and their wlan defined, will the users need to configure anything on their notebooks?
3. so when the users start connecting, the web page prompts up , but how does it work, that means i will just select the ssid as a user and the page will pop up?
thanks.
11-21-2012 05:45 AM
1.) It depends on what all you do on teh WLAN. If you configure it with a PSK, then they will have to configure that. If you leave it open then no.
2.) The splashpage will come up when the user tries to launch a browser.
HTH,
Steve
------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
11-21-2012 06:09 AM
Just to adds to Steve's post... here is a link to using WebAuth and local users:
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
11-21-2012 08:13 AM
Scott & Steve, thanks to both of you.
thanks for the great information.
1. So if psk is configured , then the client will need to configure the wlan ssid as we usually do. If so, and we disable the psk, then the layer2 security portion - wpa and encryption will not be functioning.
then,how does it encrypt or provide security then which means the layer2 security portion - wpa and encryption will not be functioning.so, how does it encrypt or provide security then ?
2.i am trying to sense is the portion" configuring WLAN client to use Web authentication" and "Client Login"
related. does both have to be configured completely for the other to work.
so can i only use the client login portion steps to achieve it or will it need the preceeding wireless adapter
configuration also to be done on all the wireless systems.
11-21-2012 08:31 AM
1. So if psk is configured , then the client will need to configure the wlan ssid as we usually do. If so, and we disable the psk, then the layer2 security portion - wpa and encryption will not be functioning.
then,how does it encrypt or provide security then which means the layer2 security portion - wpa and encryption will not be functioning.so, how does it encrypt or provide security then ?
If you don't use either wpa or wpa2 for example and you choose none... then there is no encryption. For guest users or non company devices, its easier to use WebAuth, because you really don't want to have to help non employees on connecting to your SSID.
2.i am trying to sense is the portion" configuring WLAN client to use Web authentication" and "Client Login"
related. does both have to be configured completely for the other to work.
so can i only use the client login portion steps to achieve it or will it need the preceeding wireless adapter
configuration also to be done on all the wireless systems.
Don't really understand this... again, just focus on using WebAuth and local users. This way guest users just see a splash page like in a coffee shop and they either enter credentials which are stored in the WLC, or you just do a pass through and the user just has to hit the accept button.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
11-22-2012 01:24 AM
thanks again. the web auth is configured and enabled.
How do we test it , the layer2 or authentication is kept as none.
When we scan and find this network, we cant get the splash page. the laptop tries to connect using normal way.
Appreciate help on this.
11-22-2012 05:49 AM
On the WebAuth SSID you need to set the layer 2 encryption as none and the layer 3 authentication as WebAuth & authentication. You will get the WebAuth page as long as the users home page can be resolved by the WLC. So basically any http site as a home page will work. Https will not work just for your information.
If your connecting to that SSID and your getting connected without any WebAuth, then your almost done. You just need to define in the layer 3 tab of that WLAN SSID that you want to do WebAuth with authentication and you should see the splash page.
Sent from Cisco Technical Support iPhone App
11-22-2012 06:15 AM
thanks. yes it gives some 1.1.1.1 ip related message on the screen during the initial redirect. is there any way to do away with it or change that message?
Also saw a certificate option under web section in security. what difference does it make to users logging in.
11-22-2012 06:52 AM
That is your virtual ip address you assigned on your WLC. You can change the VIP address to any ip that is not routed on your network, but you will have to reboot the WLC. So basically, your VIP address will show up there.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
11-22-2012 07:36 PM
1. we saw a certificate option under web section in security. can it be used to create certificate, as the users are prompted first with the security warning message we get on all ssl pages.any ways to avoid it using the wlc itself.
2. is there any activity timeout for this web auth and can it be altered.
we see that if there is any inactivity, it throws an error and need re-login.
thanks.
11-22-2012 08:18 PM
You can either install a 3rd party certificate:
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
Or you can disable https for WebAuth,but it only is available on v7.2 or newer:
config network web-auth secureweb disable
https://supportforums.cisco.com/thread/2149525
If you want to prevent or alter how often users have to log back in, you need to change the session timeout and the idle timeout. The session timeout is located in the WLAN SSID and I usually would set this for 8 hours or more. This value is how long until the user will have to log back in. Now the idle timeout,which is located on the general tab and is default at 300 seconds is how long will and idle device be kept before it is deleted from the WLC. This will also cause the user to have to log back in. I usually set this for 4 hours or 14400 seconds. So make sure that the session timeout is greater than the idle timeout.
Sent from Cisco Technical Support iPad App
11-23-2012 04:28 AM
the session value says the timeout is maximum to 65535. we wanted it to be 16hrs.
i know when we use layer 2 WPA etc, we can set till24 hrs ( 86400s), can a similar large value be set for web authentication.
11-23-2012 05:59 AM
Yes... That was what I was trying to explain. The session timeout I usually set at 8 hours or more and you can set it up for 16 hours or more, but up to the max. The idle timeout I would set to 4 hours. So if the device goes to sleep or the go out to lunch for a couple hours they don't have to log back in. With apple devices like the iPhone and iPads, this is a good thing to increase or else they will log on every time the device sleeps.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide