Wireless LAN Controller 5508 - Web Auth - Customized

msingh2007 · ‎09-27-2013

I have configured my WLC Controller 5508 to use Web Authentication using the Customized (Downloaded) page. I used the WebAuth bundle and the login.tar file from it, uploaded it and It works fine. The only issue is that if someone enters in the wrong username/password and presses submit, then it reroutes them to the Internal (Default) page half of the time. Other half of the time, they get a message dialog from WLC indicating that the username/password combination were incorrect. Any idea why the Internal (Default) page keeps coming up half of the time or how I can remove it?

Thanks!

blenka · ‎10-01-2013

Web authentication troubleshooting steps may help you.

http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080a38c11.shtml

msingh2007 · ‎10-04-2013

Thanks but I tried this and there are no issues. It keeps going back to the original page at http://192.x.x.x/login.html

Any way I can access that file and change the header so it redirects to the customized one? I tried many ways and even asked Cisco. There is no solution.

Lin Guo · ‎10-04-2013

I would re-edit the login.tar, make sure the content correct and it is clean on the page and saved. re-upload it to see if that fix it.

Abhishek Abhishek · ‎10-08-2013

Using a Customized Web Authentication Login Page from an External Web Server
If you want to use a customized web authentication login page that you configured on an external web server, follow the instructions in the GUI or CLI procedure below. When you enable this feature, the user is directed to your customized login page on the external web server.

--------------------------------------------------------------------------------

Note For Cisco 5500 Series Controllers, Cisco 2100 Series Controller, and controller network modules, you must configure a preauthentication access control list (ACL) on the WLAN for the external web server and then choose this ACL as the WLAN preauthentication ACL under Security Policies > Web Policy on the WLANs > Edit page. For external web authentication, the only type of ACL required is permit incoming and outgoing traffic from the external webserver IP address. See External Web Authentication with Wireless LAN Controllers for details on how to setup the correct ACL when configuring External Web authentication.

--------------------------------------------------------------------------------

Using the GUI to Choose a Customized Web Authentication Login Page from an External Web Server
To choose a customized web authentication login page from an external server, follow these steps:

Please refer to the link-

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70users.html#wp1049404

Scott Fella · ‎10-08-2013

Your most likely hitting a bug. I remember there were multiple versions in which that was happening. I don't know what code your running but I think that was fixed in v7.3 or later.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Abha Jha · ‎10-08-2013

 External Webauth redirecting to internal login page after login failure

when user auth fails,internal login displayed instead of external server

Its a bug fixed in 7.3 version.

msingh2007 · ‎10-09-2013

A few days ago I upgraded the version to 7.4, and still got the same issue. So I know that doesn't fix the issue I have. I read the following today in a caveat for Release 7.5.102.0:

CSCtz41068

Symptom: Web Authentication on MAC Filter Failure authentication might sporadically fail.

Condition: Controller using Release 7.0.116.0 or Release 7.0.230.0. Free RADIUS Server authentication for MAC authentication configured with default 1-second access-rejec. Clients might fail to get redirected to the web authentication splash page for authentication attempt, and remain in the `DHCP Required' state.

Workaround: Configure Free RADIUS access-reject response timer to zero.

Any clue where I can configure this? Cisco isn't very good at giving instructions.

Thanks!

Scott Fella · ‎10-08-2013

Thanks for looking it up... I hate searching the bug tool:)

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎10-09-2013

You are not using free radius as a radius sever correct? If not, this doesn't pertain to your issue.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

msingh2007 · ‎10-09-2013

No I'm not. I am using ACS. But would you know where this option is anyhow?

Scott Fella · ‎10-09-2013

Don't know if that's configurable on ACS.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎10-09-2013

Upgrade to v7.3 or later is what I would say.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

msingh2007 · ‎10-09-2013

I've already done that Scott and still have the same issue. I even used the default login,tar file to see if there is something wrong with my file, and that didn't help either. Are there any issues in going to v7.5? I am thinking of upgrading it one more step. Thoughts?

Scott Fella · ‎10-09-2013

Well I haven't had that issue with v7.4.110.0 or v7.5. I'm on v7.5 for my home testing and just tried it and it works fine.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***