06-19-2008 09:49 AM - edited 07-03-2021 04:03 PM
I am finding conflicting information on Web Portal Guest Authentication. I would like to confirm that the guest username and passwords are encrypted (via https) between the client and the WLC during the redirect to the Virtual interface (1.1.1.1 in my case).
What I found in a configuration document is as follow.... "Web authentication is supported only through HTTP. HTTPS is not supported. Because web authentication is tied to the management login on the controller, HTTPS login for management must be disabled and HTTP for management must be enabled.â
But at the same time, when looking at authentication page examples in the some config guides, the redirect page address is https://1.1.1.1 and not http://1.1.1.1
Could someone confirm to me if the username and password are encrypted when exchanged between the user and the WLC?
Your support is appreciated
Thanks
Etienne
06-20-2008 07:19 PM
Since you are using an ssl cert (Cisco or a 3rd Party), it is encrypted between the client and ap. Traffic from ap to wlc is not encrypted. Encryption and decryption is handled by the ap.
Hope this helps.
01-26-2009 01:53 PM
This is kind of a late reply, but if you are interested in my two cents; I've learned that with the WLC guest authentication you can have either SSL or HTTP enabled for the user authentication.
If you have SSL enabled, the auth page defaults to the encrypted https://1.1.1.1 url, hence the auth page is encrypted along with the credentials entered onto the page.
I found this out when trying to get rid of the self-signed certificate errors users would get when they first authenticate on my guest wireless network. It's a pain to get a trusted cert working on this setup, so I just opted to use HTTP. The drawback to this, however, is that my web management connection to my anchor WLC is HTTP.
03-10-2009 10:10 AM
CDeeds,
Your feedback is appreciated. I am also stumped on how to get a trusted cert for the https://1.1.1.1 URL. I'd be surprised if any trusted authority (GoDaddy, Verisign, etc) would hand out a certificate to a host with the name 1.1.1.1.
If anybody else has any ideas on how to get a trusted certificate on this thing, please let us know. It drives my users nuts to have to click 'I accept' to a homemade certificate.
03-11-2009 04:53 AM
Hi,
If you go to virtual interface and open its properties, you can add address to which should wlc redirect insted of 1.1.1.1. This domain should be used for cert and should be translate to 1.1.1.1 by DNS.
Cheers
Greg
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide