08-07-2019 06:31 AM - edited 07-05-2021 10:49 AM
When i connecting in my SSID, no automatic redirect to https://1.1.1.1/
But when i enter url https://1.1.1.1 with my hands everything is ok working !
My config:
WLAN Identifier.................................. 16
Profile Name..................................... Guest-WEB
Network Name (SSID).............................. Guest-WEB
Status........................................... Enabled
Web Based Authentication...................... Enabled
Web Authentication Timeout.................... 300
IPv4 ACL........................................ web-acl
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... ldap
2............................................... local
3............................................... radius
Web-Passthrough............................... Disabled
Mac-auth-server............................... 0.0.0.0
Web-portal-server............................. 0.0.0.0
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
##
(Cisco Controller) show>custom-web wlan 16
WLAN ID: 16
WLAN Status................................... Enabled
Web Security Policy........................... Web Based Authentication
Global Status................................. Enabled
WebAuth Type.................................. Internal
###
WLC -> Management -> HTTP-HTTPS
HTTP-HTTPS Configuration:
HTTP Access - Disable
HTTPS Access - Enabled
WebAuth SecureWeb - Enabled
HTTPS Redirection - Enabled
Web Session Timeout - 30 Minutes
##
My Preauthentication ACL :
(Cisco Controller) show>acl detailed web-acl
Source Destination Source Port Dest Port
Index Dir IP Address/Netmask IP Address/Netmask Prot Range Range DSCP Action Counter
------ --- ------------------------------- ------------------------------- ---- ----------- ----------- ----- ------- -----------
1 Any 0.0.0.0/0.0.0.0 10.0.253.20/255.255.255.255 17 0-65535 53-53 Any Permit 468
2 Any 10.0.253.20/255.255.255.255 0.0.0.0/0.0.0.0 17 53-53 0-65535 Any Permit 466
3 Any 0.0.0.0/0.0.0.0 10.1.254.20/255.255.255.255 17 0-65535 53-53 Any Permit 2
4 Any 10.1.254.20/255.255.255.255 0.0.0.0/0.0.0.0 17 53-53 0-65535 Any Permit 2
5 Any 0.0.0.0/0.0.0.0 1.1.1.1/255.255.255.255 Any 0-65535 0-65535 Any Permit 0
6 Any 1.1.1.1/255.255.255.255 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 Any Permit 9159
DenyCounter : 12069
Full config in attachment.
08-07-2019 06:34 AM
08-07-2019 07:31 AM
Do NOT use 1.1.1.1, that IP belongs to the company Cloudflare.
Use 192.168.x.x and it should start working.
08-14-2019 02:07 AM - edited 08-14-2019 02:09 AM
08-14-2019 05:27 AM - edited 08-14-2019 05:30 AM
What happens on the client?
Can you use a Windows based client with a real browser for testing?
Do you get a warning message?
Also add a DNS name pointing to the IP and I suggest to also get a public signed certificate for that name (or mobile phones will have issues/not connect) to the IP/name.
One more thing to check, does the client get a correct IP address?
The output of the logfile seems wrong to me, but I might be wrong.
08-14-2019 06:35 AM
Safari empty in the browser !
when i turn on url https://192.0.2.1 - WLC portal loading ok !
there is no warning either!
I created in DNS new A record: web-portal.
By name, it also loads normally! But you need to indicate it with your hands
08-14-2019 07:14 AM
08-15-2019 12:44 AM - edited 08-15-2019 06:11 AM
My config :
Web Auth CMCC Support ...................... Disabled
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Enable
Web Auth Captive-Bypass .................. Enable
Web Auth Secure Web ....................... Enable
Web Auth Secure Redirection ............... Enable
and my acl:
permit ALL DNS Number of hits
permit 0.0.0.0/0.0.0.0 192.0.2.1/255.255.255.255 Any Any Any Any Any 0
permit 192.0.2.1/255.255.255.255 0.0.0.0/0.0.0.0 Any Any Any Any Any 1115
But ! Not working redirect !
Testing on Windows client, in attach !
08-15-2019 07:01 AM
Sorry I'm not sure if I can help you any further.
I know that some clients require a valid certificate and the redirect must go to the URL (not IP address), but I think Windows 7 didn't require that.
What surprises me is the really weak wi-fi signal, but I don't think that is the reason for the guest-portal not working correctly.
Can you compare your settings (mostly the SSID ones) with those here:
https://rscciew.wordpress.com/2014/06/19/wlc-webauth-configuration/ (don't use the suggested IP written there, keep 192.0.2.1)
Maybe try it without an ACL for testing?
Alternative to the above link:
1. Under WLAN settings, configure the following
Security -> Layer 2 -> {Security Type WPA+WPA2} {WPA+WPA2 Paramters: WPA enabled, WPA2 Enabled}{Authentication Key Management: PSK}{PSK: Your Password}
Security -> Layer 3 -> {Layer 3 Security: Web Policy}{Webauth type: Passthrough}
08-15-2019 07:19 AM - edited 08-15-2019 07:29 AM
When i disable pre-ACL, redirect and internet not working ! And https://192.0.2.1 not working !
08-20-2019 07:03 AM
HELP me !
10-29-2019 01:07 PM
I'm having the same issue on 8.0.152.0. Did you find a fix for this?
12-04-2019 04:22 PM
If your controller does not have a valid SSL certificate you need to change Web Auth redirect URL to be non-https so web users dont get ssl warning.
(Cisco Controller) config> network web-auth secureweb disable
or you usually may change SSL setting via WLC web interface:
----> Go to MANAGEMENT on the top menu on the top menu and then click on HTTP-HTTPS on the left-hand side menu.
----> Under WebAuth SecureWeb use the drop down box to select:
Disabled: If your controller does not have a valid SSL certificate
Enabled: If your controller has a valid SSL certificate
04-22-2020 01:51 PM
Hi
im having similar issues however I’m setting my re-direct to my ISE box.
The issue I’m expecting is where my windows 10 device is connect to the guest SSID but it is not auto loading a web page with the re-direct url.
The WLC is on code 8.3.113 and ISE on 2.3(patch 4)
04-22-2020 02:03 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide