cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
800
Views
10
Helpful
5
Replies

Web auth page won't load on 3504 in HA

a.mcarneiro
Level 1
Level 1

Hello!

 

Customer is replacing a 2504 with two 3504 in HA. Also replacing APs 1702i with 2802i. For faster migration, software version was kept the same, 8.5.131.

2504's configuration was uploaded via GUI and converted using TAC's WLC Config Converter and then imported to the new 3504. No parameters were changed after the import except for IP addresses, hostname and HA configuration.

There is this guest wlan that is configured for local web authentication and the problem is that user's devices won't load the authentication page once redirected when connecting to the new equipment.

 

Can anyone please shed a light on this?

5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame
Well it seems like the configuration is not correct. If you are using a custom webauth page, did you upload it to both controllers along with any certificates? The VIP and the FQDN must match.
-Scott
*** Please rate helpful posts ***

It's not a custom page, it's the Internal (Default). And configuration was imported after HA SSO in place, so it was replicated. Certificates are locally generated and not signed by any CA.

The error users get is that the server is unavailable; not that warning message about certificates.

There is no anchor controller right? Create a new test ssid and see if that works. Did you also do a diff on the 2504 configuration vs the 3504? There are slight differences that might not be converted from the tool.
-Scott
*** Please rate helpful posts ***

No anchor. Just mobility configured between the 2504 and 3504: virtual interface configured with 1.1.1.1, same group name and MAC and IP addresses configured on each other. Mobility was configured as an attempt to solve the problem; it was already faulty before.

As far as testing goes, I have already tried: creating a new wlan with the same parameters and using the same interface of the guest wlan; changed the IP from 1.1.1.1 to 192.0.2.1 on the 3504 (and reloaded it); changed from open to PSK and no web auth to validate connectivity and access to the internet.

I didn't do a diff on the configs. I thought that since it was downloaded successfully, everything was converted ok.

Downloading doesn’t mean everything took. I always make sure to run a diff especially between two different models. As far as the webauth, since you are doing default testing, clients connected to the ssid on the 3504 should see the web policy of setup properly.
-Scott
*** Please rate helpful posts ***
Review Cisco Networking for a $25 gift card