cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
273
Views
3
Helpful
7
Replies

Web Auth redirect to passthrough on 9800

ashmead123
Level 1
Level 1

I have an existing 5520 with a guest SSID that uses web-auth. It works fine with the passthrough option. Clients are redirected to a web page hosted externally. they click a button and gain access.

I am trying to recreate this with a 9800 v17.9.4a, however the 'passthrough' option is not available.

In web-auth I have:

global:

ashmead123_0-1728397378360.png

I have also created a 'guest' parameter map using content type with the URL redirect detailed in the advanced tab.  This parameter map is referenced in the WLAN.

The clients get redirected to the URL, however the button click does not allow them to get into the run state.

Any help is much appreciated!

 

 

 

 

 

 

 

 

7 Replies 7

Thanks @Flavio Miranda I have checked the config in that document and all looks good. I believe my issue is specific to a remote web auth passthrough page

Yes, if you check the config and it is fine from the WLC side, the portal can be the issue

ashmead123
Level 1
Level 1

Yeah, I think you are right. Just seen a client try and connect, they are at least getting an IP address. Unfortunately I a not on site so I don't know if the client just didn't click the button!

 

Time Task Translated
2024/10/08 17:59:20.134 client-orch-sm Client made a new Association to an AP/BSSID: BSSID a400.4e24.5a8b, WLAN Public Wifi, Slot 1 AP a400.4e24.5a80, Test_01
2024/10/08 17:59:20.135 dot11 Association success for client, assigned AID is: 1
2024/10/08 17:59:20.138 client-orch-state Starting Mobility Anchor discovery for client
2024/10/08 17:59:23.141 client-orch-state Entering IP learn state
2024/10/08 17:59:25.146 client-iplearn Client got IP: 10.10.100.248, discovered through: DHCP
2024/10/08 17:59:25.147 client-auth Initiated layer 3 authentication with local web-auth
2024/10/08 18:06:53.375 client-orch-sm Controller initiated client deletion with code: CO_CLIENT_DELETE_REASON_MN_IDLE_TIMEOUT. Explanation: Client deleted by AP, due to inactivity. Normal scenario. Actions: None required

probably the client did not move forward with the authenticaiton due the log CO_CLIENT_DELETE_REASON_MN_IDLE_TIMEOUT

Or there the portal is not returning status (success/unsucess ) to the WLC

Haydn Andrews
VIP Alumni
VIP Alumni

Has the virtual IP address changed? You also need the Virtual IP Hostname from memory for this to work to an external portal configured

*****Help out other by using the rating system and marking answered questions as "Answered"*****
*** Please rate helpful posts ***

That's a good point @Haydn Andrews . The portal currently talks to the 5520 on 1.1.1.1. The 9800 is using 192.0.2.1. Will I need to create a hostname separate to the management hostname? Then create a DNS record to point the virtual IP hostname to the virtual IP (192.0.2.1)?

Review Cisco Networking for a $25 gift card