
Web Authentication on HTTP Instead of HTTPS in WLC 5700 and WS-C3650-48PD (IOS XE)

SupportAC
Level 1

Hello,

I have configured a Guest SSID with web authentication (captive portal).

wlan XXXXXXX 2 Guest
 aaa-override
 client vlan YYYYYYYYY
 no exclusionlist
 ip access-group ACL-Usuarios-WIFI
 ip flow monitor wireless-avc-basic input
 ip flow monitor wireless-avc-basic output
 mobility anchor 10.181.8.219
 no security wpa
 no security wpa akm dot1x
 no security wpa wpa2
 no security wpa wpa2 ciphers aes
 security web-auth
 security web-auth parameter-map global
 session-timeout 65535
 no shutdown

The configuration of the webauth parameter map is:

service-template webauth-global-inactive
 inactivity-timer 3600 
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
 voice vlan
!

parameter-map type webauth global
 type webauth
 virtual-ip ipv4 1.1.1.1
 redirect on-success http://www.google.es
!

I need to log in on web authentication on HTTP instead of HTTPS.

If I log in on HTTP, I will not receive certificate alerts that prevent the users' connections.

I saw how to configure it with the 7.x release, but I have IOS XE Version 03.03.05SE and I don't know how to configure it.

Web Authentication on HTTP Instead of HTTPS

You can login on web authentication on HTTP instead of HTTPS. If you login on HTTP, you do not receive certificate alerts.

For earlier than WLC Release 7.2 code, you must disable HTTPS management of the WLC and leave HTTP management. However, this only allows the web management of the WLC over HTTP.

For WLC Release 7.2 code, use the config network web-auth secureweb disable command to disable. This only disables HTTPS for the web authentication and not the management. Note that this requires a reboot of the controller!

On WLC Release 7.3 and later code, you can enable/disable HTTPS for WebAuth only via GUI and CLI.

Can anyone tell me how to configure web authentication on HTTP instead of HTTPS with IOS XE?

Thanks in advance.

Regards.

1 Reply

matt-in-slo
Level 1

Kind of an old thread, but I just ran into a similar issue. What we were looking to do on a 5520 WLC was to allow webauth over HTTP only to avoid the certificate error, but to only allow management via HTTPS so we weren't sending passwords around in clear text.

What I did was:

  1. Enable HTTP traffic on the GUI under Management > HTTP - HTTPS
  2. Create an ACL under Security > Access Control List
  3. This ACL had two rules. The first denied HTTP traffic directed at the management interface.
  4. The second rule allowed any any. This is important because there is an implicit denial in WLCs, just like routers
  5. I attached the new ACL to the CPU under Security > Access Control Lists > CPU Access Control Lists
  6. Rebooted the Controller

So far seems to be working really well. Hope this helps someone. 
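
A small model of the two-rule CPU ACL described in the reply above, added here as an illustration (not code from the thread or from Cisco): it evaluates rules first-match with an implicit deny and flags the two mistakes the steps guard against, a forgotten permit-any rule and rules in the wrong order. The addresses are constructed, and treating the web-auth login as traffic to a separate virtual address is an assumption.

```python
from ipaddress import ip_address, ip_network

MGMT_IP = "192.0.2.10"    # constructed management interface address
WEBAUTH_IP = "192.0.2.1"  # constructed web-auth virtual address (assumption)

# Rule = (action, protocol, destination network, destination port); None = any
CPU_ACL = [
    ("deny", "tcp", f"{MGMT_IP}/32", 80),  # rule 1: HTTP to management
    ("permit", None, "0.0.0.0/0", None),   # rule 2: permit any any
]

def evaluate(acl, proto, dst, port):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, r_proto, r_net, r_port in acl:
        if r_proto not in (None, proto):
            continue
        if ip_address(dst) not in ip_network(r_net):
            continue
        if r_port not in (None, port):
            continue
        return action
    return "deny"  # implicit deny at the end of the ACL

def audit(acl):
    """Return findings for an ACL that misses the goals stated in the reply."""
    findings = []
    if evaluate(acl, "tcp", MGMT_IP, 80) != "deny":
        findings.append("HTTP to the management interface is not blocked")
    must_pass = {
        "HTTPS management": ("tcp", MGMT_IP, 443),
        "HTTP web-auth": ("tcp", WEBAUTH_IP, 80),
        "other CPU-bound traffic (DHCP)": ("udp", MGMT_IP, 67),
    }
    for name, (proto, dst, port) in must_pass.items():
        if evaluate(acl, proto, dst, port) != "permit":
            findings.append(f"{name} is dropped")
    return findings

if __name__ == "__main__":
    print(audit(CPU_ACL))        # ACL as described: no findings
    print(audit(CPU_ACL[:1]))    # permit-any rule forgotten
    print(audit(CPU_ACL[::-1]))  # rules in the wrong order
```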
