11-27-2015 07:25 AM - edited 07-05-2021 04:18 AM
Hi all,
We are running web-auth on a cisco 550 WLC. The login page is located locally on the WLC.
As we all know, apple devices have a feature where it senses if it is connected to the internet when it connects, if not it sends a http-get that will open the web-auth-login page automatically.
This feature was not working very well for iOS-devices, because our login-page dissapeared before you could finish typing your credentials.
So we enabled the "config network web-auth captive-bypass" to force the iOS user to open a browser to be redirected to the login-page. This all worked fine...
However, on a MAC-OS-device, which worked fine before, now takes extremely long time to be redirected, and sometimes not redirected at all.
Here is a debug web-auth on a MAC-OS-device:
*emWeb: Nov 27 14:07:45.373: SSL Connection created for MAC:b8:e8:56:11:b1:4a
*emWeb: Nov 27 14:07:45.503:
ewaURLHook: Entering:url=/, virtIp = 1.1.1.1, ssl_connection=1, secureweb=1
*emWeb: Nov 27 14:07:45.503: Replaced url / with /login.html
*emWeb: Nov 27 14:07:45.503:
ewaProcessWebAuthRedirectFlag: Calling getUrl_https_redirect redirect flag 1
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Preparing redirect URL according to configured Web-Auth type
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- got the hostName for virtual IP(portal.wireless.malmo.se)
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Checking custom-web config for WLAN ID:1
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Global status is disabled, checking on WLAN web-auth type
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Web-auth type Customized, using URL:https://portal.wireless.malmo.se/fs/customwebauth/login.html
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Added switch_url, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html
*emWeb: Nov 27 14:07:45.504: b8:e8:56:11:b1:4a- Added ap_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52
*emWeb: Nov 27 14:07:45.504: b8:e8:56:11:b1:4a- Added client_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:8
*emWeb: Nov 27 14:07:45.504: b8:e8:56:11:b1:4a- Added wlan, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea
*emWeb: Nov 27 14:07:45.504:
ewaProcessWebAuthRedirectFlag: getUrl_https_redirect Succeeded
*emWeb: Nov 27 14:07:50.113: SSL Connection created for MAC:b8:e8:56:11:b1:4a
*emWeb: Nov 27 14:07:50.127: SSL Connection created for MAC:b8:e8:56:11:b1:4a
*webauthRedirect: Nov 27 14:07:50.616: b8:e8:56:11:b1:4a- received connection. client socket = 109
*webauthRedirect: Nov 27 14:07:50.617: b8:e8:56:11:b1:4a- trying to read on socket 109
*webauthRedirect: Nov 27 14:07:50.617: b8:e8:56:11:b1:4a- calling parser with bytes = 186
*webauthRedirect: Nov 27 14:07:50.617: b8:e8:56:11:b1:4a- bytes parsed = 186
*webauthRedirect: Nov 27 14:07:50.617: captive-bypass detection enabled, checking for wispr in HTTP GET, client mac=b8:e8:56:11:b1:4a
*webauthRedirect: Nov 27 14:07:50.617: captiveNetworkMode enabled, mac=b8:e8:56:11:b1:4a user_agent = Mac OS X/10.10.2 (14C109)
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Preparing redirect URL according to configured Web-Auth type
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- got the hostName for virtual IP(portal.wireless.malmo.se)
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Checking custom-web config for WLAN ID:1
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Global status is disabled, checking on WLAN web-auth type
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Web-auth type Customized, using URL:https://portal.wireless.malmo.se/fs/customwebauth/login.html
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added switch_url, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added ap_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added client_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:8
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added wlan, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- http_response_msg_body1 is <HTML><HEAD><TITLE> Web Authentication Redirect</TITLE><META http-equiv="Cache-control" content="no-cache"><META http-equiv="Pragma" content="
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- parser host is init-p01st.push.apple.com
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- parser path is /bag
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- added redirect=, URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea:80&
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- str1 is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea:80&client_mac=b8:e8
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- clen string is Content-Length: 487
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Message to be sent is
HTTP/1.1 200 OK
Location: https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- send data length=798
*webauthRedirect: Nov 27 14:07:50.619: b8:e8:56:11:b1:4a- Web-auth type External, but unable to get PerProfile URL
*webauthRedirect: Nov 27 14:07:50.619: b8:e8:56:11:b1:4a- cleaning up after send
*webauthRedirect: Nov 27 14:07:50.619: 1476 - b8:e8:56:11:b1:4a- closing socket= 109
Any ideas?
11-27-2015 09:09 AM
Are you saying that is was working fine for a while and all of a sudden its not?
So we enabled the "config network web-auth captive-bypass" to force the iOS user to open a browser to be redirected to the login-page. This all worked fine...
However, on a MAC-OS-device, which worked fine before, now takes extremely long time to be redirected, and sometimes not redirected at all.
post your show version and show wlan <wlan id>
Just to add, Apple users are use to having the device open a browser and this might cause issues with end users. Even on Windows 10, that opens a browser automatically. If disabling the bypass fixes the issue, then I would suggest you disable that and allow the OS to do what it's suppose to do.
-Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide