local users on controller

suthomas1
Level 6

Our wireless controller needs to be set up with the requirements below:

1. 5 local users with username and password who will be accessing the same SSID. How do we achieve and test this?

2. There is a Local Net Users option under the Security tab, however I am not certain how it works. Please suggest.

3. Is there any other way where these 5 local users will receive a web page when they try to access the wireless and will be prompted for authentication?

   How will this web page (if possible) pop up to users, and what is the mechanism involved?

Thanks in advance for everyone's input!

Accepted Solution

Stephen Rodriguez
Cisco Employee

1.) You need to create the users under Local Net Users. You can even specify what WLAN they can log in to.

2.) See above.

3.) You would need to use WebAuth when you configure the WLAN. WebAuth is what will give you the splash page that the users can log in to.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


18 Replies


Thanks.

1. After the users are created and their WLAN defined, will the users need to configure anything on their notebooks?

3. So when the users start connecting, the web page pops up, but how does it work? Does that mean I will just select the SSID as a user and the page will pop up?

Thanks.

1.) It depends on what all you do on the WLAN. If you configure it with a PSK, then they will have to configure that. If you leave it open, then no.

2.) The splash page will come up when the user tries to launch a browser.

HTH,
Steve


Just to add to Steve's post... here is a link to using WebAuth and local users:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml#two

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott & Steve, thanks to both of you.

Thanks for the great information.

1. So if PSK is configured, then the client will need to configure the WLAN SSID as we usually do. If so, and we disable the PSK, then the layer 2 security portion (WPA and encryption) will not be functioning.

So how does it encrypt or provide security then?

2. I am trying to sense whether the portions "Configuring WLAN client to use Web authentication" and "Client Login" are related. Do both have to be configured completely for the other to work?

So can I use only the Client Login steps to achieve it, or will the preceding wireless adapter configuration also need to be done on all the wireless systems?

> 1. So if PSK is configured, then the client will need to configure the WLAN SSID as we usually do. If so, and we disable the PSK, then the layer 2 security portion (WPA and encryption) will not be functioning.
>
> So how does it encrypt or provide security then?

If you don't use either WPA or WPA2, for example, and you choose none... then there is no encryption. For guest users or non-company devices, it's easier to use WebAuth, because you really don't want to have to help non-employees with connecting to your SSID.

> 2. I am trying to sense whether the portions "Configuring WLAN client to use Web authentication" and "Client Login" are related. Do both have to be configured completely for the other to work?
>
> So can I use only the Client Login steps to achieve it, or will the preceding wireless adapter configuration also need to be done on all the wireless systems?

Don't really understand this... again, just focus on using WebAuth and local users. This way guest users just see a splash page like in a coffee shop and they either enter credentials which are stored in the WLC, or you just do a pass-through and the user just has to hit the accept button.

Thanks,

Scott


Thanks again. The web auth is configured and enabled.

How do we test it? The layer 2 authentication is kept as none.

When we scan and find this network, we can't get the splash page. The laptop tries to connect the normal way.

Appreciate help on this.

On the WebAuth SSID you need to set the layer 2 encryption as none and the layer 3 authentication as WebAuth & authentication. You will get the WebAuth page as long as the user's home page can be resolved by the WLC. So basically any HTTP site as a home page will work. HTTPS will not work, just for your information.

If you're connecting to that SSID and you're getting connected without any WebAuth, then you're almost done. You just need to define in the layer 3 tab of that WLAN SSID that you want to do WebAuth with authentication and you should see the splash page.

-Scott

Thanks. Yes, it gives some 1.1.1.1 IP-related message on the screen during the initial redirect. Is there any way to do away with it or change that message?

Also saw a certificate option under the web section in Security. What difference does it make to users logging in?

That is the virtual IP address you assigned on your WLC. You can change the VIP address to any IP that is not routed on your network, but you will have to reboot the WLC. So basically, your VIP address will show up there.

Thanks,


Scott

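An added example, not part of any post in this thread and not Cisco code: a Python classifier for the reply a client gets to a plain-HTTP request on the WebAuth SSID, to confirm that the splash-page redirect points at the controller's virtual IP and whether the login page is served over TLS. The sample replies, the `login.html` path and the two redirect forms handled (a `Location` header and an HTML meta refresh) are constructed assumptions; 1.1.1.1 is the virtual IP quoted above.

```python
import re
from urllib.parse import urlsplit

VIRTUAL_IP = "1.1.1.1"  # virtual interface address quoted in the thread

# Assumption: the portal may redirect via an HTML meta refresh instead of a 3xx.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)

def redirect_target(raw: bytes):
    """Return (status, URL the reply sends the browser to, or None)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if 300 <= status < 400 and "location" in headers:
        return status, headers["location"]
    match = META_REFRESH.search(body.decode("iso-8859-1"))
    return status, (match.group(1) if match else None)

def classify(raw: bytes, virtual_ip: str = VIRTUAL_IP) -> dict:
    """Decide whether a reply to an HTTP probe is the WebAuth splash redirect."""
    status, url = redirect_target(raw)
    if url is None:
        return {"state": "no-redirect", "status": status}
    target = urlsplit(url)
    if target.hostname != virtual_ip:
        return {"state": "other-redirect", "status": status, "url": url}
    return {"state": "webauth-redirect", "status": status, "url": url,
            "login_over_tls": target.scheme == "https"}

# Constructed sample replies (not captured from a real controller).
SAMPLE_META = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               b'<html><head><meta http-equiv="refresh" '
               b'content="1; URL=https://1.1.1.1/login.html?redirect=example.com/">'
               b"</head></html>")
SAMPLE_302 = (b"HTTP/1.1 302 Found\r\n"
              b"Location: http://1.1.1.1/login.html\r\n\r\n")
SAMPLE_PASS = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>home</html>"

if __name__ == "__main__":
    for name, raw in (("meta", SAMPLE_META), ("302", SAMPLE_302), ("pass", SAMPLE_PASS)):
        print(name, classify(raw))
```

A `no-redirect` result on a freshly associated client means the request was not intercepted, and `login_over_tls` being false means the local user's password crosses the open SSID unencrypted.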

1. We saw a certificate option under the web section in Security. Can it be used to create a certificate, as the users are prompted first with the security warning message we get on all SSL pages? Any way to avoid it using the WLC itself?

2. Is there any activity timeout for this web auth, and can it be altered?

We see that if there is any inactivity, it throws an error and we need to re-login.

Thanks.

You can either install a 3rd party certificate:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml

Or you can disable HTTPS for WebAuth, but it is only available on v7.2 or newer:

config network web-auth secureweb disable

https://supportforums.cisco.com/thread/2149525

If you want to prevent or alter how often users have to log back in, you need to change the session timeout and the idle timeout. The session timeout is located in the WLAN SSID and I usually would set this for 8 hours or more. This value is how long until the user will have to log back in. Now the idle timeout, which is located on the general tab and is default at 300 seconds, is how long an idle device will be kept before it is deleted from the WLC. This will also cause the user to have to log back in. I usually set this for 4 hours or 14400 seconds. So make sure that the session timeout is greater than the idle timeout.

-Scott

The session value says the timeout maximum is 65535. We wanted it to be 16 hrs.

I know when we use layer 2 WPA etc., we can set it up to 24 hrs (86400 s). Can a similarly large value be set for web authentication?

Yes... That was what I was trying to explain. The session timeout I usually set at 8 hours or more and you can set it up for 16 hours or more, but up to the max. The idle timeout I would set to 4 hours. So if the device goes to sleep or they go out to lunch for a couple of hours, they don't have to log back in. With Apple devices like the iPhone and iPad, this is a good thing to increase or else they will log on every time the device sleeps.

-Scott