WLC 4402 Configuration help

ALIAOF_
Level 6

I have a Cisco WLC 4402 on which I need to configure two SSIDs, one for the corporate users and one for the guests.  I got that part done.  Now, whoever set it up initially has it like this:

management: 192.168.1.25/24

ap-manager: 192.168.1.26

VLAN Identifier: Untagged on both

Now there is a trunk port on the router that is configured with this VLAN.  So I created another sub interface for the Guest network 192.168.2.0/24

I am confused about the fact that the existing corporate SSID is mapped to the management interface under Interface/Interface Group(G).  However, Cisco's website says that it should not be mapped to the management interface, but I don't see any other option in there.

Also:

1- What is the best way to configure the guest network/vlan?

2- I need corporate users to be able to use their AD credentials to login

3- Guest users: I need them to just see a web page asking them to hit accept

Is it possible to accomplish both?

Thank you in advance.

Accepted Solutions

Scott Fella
Hall of Fame

Also make sure there is a login.html file. The extension .html is important. The use of login.htm will not work.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080bf7d89.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

George Stefanick
VIP Alumni

Hi

If it were me I would create 3 subnets, one more than you have now. Leave mgt on .1, put guest on .2 and create a new one for your corp. This way your users aren't sitting in the same VLAN as your controller and the AP tunnel traffic.

If you want to use AD, then you need to deploy an EAP, like EAP PEAP with RADIUS.

The WLC can offer a guest page and you can have a simple AUP. Google "Cisco WLC guest example" and you will get the guest example.

Hope this helps

Sent from Cisco Technical Support iPad App

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

OK, so by default, if I set up LDAP or RADIUS and then use the built-in login page, that wouldn't use the AD credentials?

Hi Mohammad,

By default it won't use it. You will have to configure it :-)

Have a look at the link below, which details how to configure web authentication with a RADIUS server. Here you can see that after selecting web authentication you will have to go to the AAA server tab and select the RADIUS server there to send the RADIUS request to that server.

http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4be05.shtml

Again, what I understood from your previous posting was that you wanted the AD authentication only for corporate customers, isn't it? Keep in mind that web authentication does not provide data encryption. Web authentication is typically used as simple guest access for either a "hot spot" or campus atmosphere where the only concern is the connectivity, and it is not recommended for a corporate environment.

Hope that helps.

Regards

Najaf

Please rate when applicable or helpful !!!


Anyone familiar with this error? I can't seem to upload the files to the WLC.

*TransferTask: Jun 29 15:01:28.782: %UPDATE-3-FILE_OPEN_FAIL: updcode.c:2889 Failed to open file login.html.

*TransferTask: Jun 29 15:01:28.781: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:484 Failed to open the file : /mnt/application/webauth_ramdisk/login.html.(erno 2)

*TransferTask: Jun 29 14:51:28.980: %UPDATE-3-FILE_OPEN_FAIL: updcode.c:2889 Failed to open file login.html.

*TransferTask: Jun 29 14:51:28.979: %OSAPI-3-FILE_OPEN_FAILED: osapi_file.c:484 Failed to open the file : /mnt/application/webauth_ramdisk/login.html.(erno 2)

Najaf, thank you for the link. I'm looking at the link and that is what I am trying to accomplish, but two questions and/or issues here:

1- That link shows that I'll have to redirect a client to an external server; can't I just use one of the custom downloaded pages?

2- It shows configuration on Cisco ACS I do not have Cisco ACS unfortunately.

Scott Fella
Hall of Fame

Looks like you are trying to upload a custom WebAuth bundle. Make sure it is less than 2 MB and also make sure you're using Power Archiver or 7-zip to tar the files if you're using Windows.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Lol, thank you Scott, yes, that was it. I was renaming the files; it worked right after I changed the file name back to login.html.  I did this like 2 years ago but totally forgot, had the same exact issue lol.  Gonna have the users test guest auth today.  Now just the AD authentication part is left. I'm hoping I can load a second page with the user ID and password box and push that out to the corporate SSID, and users can type in their AD username and password to log in.  Do you know if that is possible? That is something I have not done.

Haha... Well it's working now so just keep a note.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
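
The bundle checks from the replies above (a tar archive, under 2 MB, a file named exactly login.html) can be run locally before attempting the upload. This is an added example, not part of the original thread or of Cisco's tooling; the function names, the 2 MiB reading of the size limit, the uncompressed-tar requirement and the top-level placement of login.html are assumptions.

```python
import io
import posixpath
import tarfile

MAX_BUNDLE_BYTES = 2 * 1024 * 1024  # thread says "less than 2mb"; read here as 2 MiB (assumption)
REQUIRED_PAGE = "login.html"        # exact name from the thread; login.htm is not accepted


def check_webauth_bundle(data: bytes) -> list:
    """Return the problems found in a webauth bundle; an empty list means it passed."""
    problems = []
    if len(data) >= MAX_BUNDLE_BYTES:
        problems.append("bundle is %d bytes, limit is %d" % (len(data), MAX_BUNDLE_BYTES))
    try:
        # Mode "r:" reads only an uncompressed tar (assumption), so zip/gzip input fails here.
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:") as tar:
            names = [posixpath.normpath(m.name) for m in tar.getmembers() if m.isfile()]
    except tarfile.TarError:
        return problems + ["not a plain tar archive"]
    if REQUIRED_PAGE in names:
        return problems
    # Report near misses: wrong extension, wrong case, or the page inside a subdirectory.
    near = [n for n in names if posixpath.basename(n).lower() in ("login.htm", "login.html")]
    if near:
        problems.append("found %s, expected top-level %s" % (", ".join(near), REQUIRED_PAGE))
    else:
        problems.append("%s is missing" % REQUIRED_PAGE)
    return problems


def build_tar(files: dict) -> bytes:
    """Build an in-memory tar from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a good bundle and the renamed-file case from the thread.
    good = build_tar({"login.html": b"<html>accept</html>", "logo.png": b"\x89PNG"})
    renamed = build_tar({"login.htm": b"<html>accept</html>"})
    print(check_webauth_bundle(good))
    print(check_webauth_bundle(renamed))
```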