Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2918
Views
5
Helpful
5
Replies

WLC 5508 WEB-AUTH

Jay233
Level 3
Level 3

‎03-03-2011 02:39 AM - edited ‎07-03-2021 07:54 PM

Hi All,

Currently I have configured guest wireless access to use a custom web-auth splash screen using web-auth-passthrough.

This works fine for most clients but if I turn JavaScipt off and reconnect, I connect to the same wireless network but receive a Cisco default splash screen.

Does anyone know how to stop or edit this default splash screen action.

Jay

Thank you in advance for any replies.

Labels:
0 Helpful
5 Replies 5

Surendra BG
Cisco Employee
Cisco Employee

‎03-03-2011 02:59 AM

Hi Jason,

in order to have the web page load properly, it is not sufficient to       set the web-authentication type as customized globally in the       Security > Web Auth > Web login page. It must also be       configured on a particular WLAN . In order to do this, complete these       steps:

  1. Log into the GUI of the WLC.

  2. Click on the WLANs tab, and access the profile of             the WLAN configured for Web-authentication.

  3. On the WLAN > Edit page, click the Security tab. Then, choose Layer 3.

  4. On this page, choose None as the Layer 3             Security.

  5. Check the Web Policy box, and choose the             Authentication option.

  6. Check the Over-ride Global Config Enable box,             choose Customized (Downloaded) as the Web Auth Type, and             select the desired login page from the Login Pagepull down             menu. Click Apply.

Lemme know if the above resolves your problem!!

Regards

Surendra

Regards
Surendra BG

pmchandler
Level 1
Level 1
In response to Surendra BG

‎03-10-2011 08:55 AM

Hi Surendra,

I am working with Jason Jones on this issue. There are 4 WLCs in this deployment, 2 on the internal network and 2 in the DMZ. There is an EoIP tunnel between the internal and DMZ WLCs so that wireless guest access can break out onto the network from the DMZ instead of the internal network.

  • ALL WLCs have the Web Authentication Type is specified as Customized (Downloaded) under Security > Web Auth > Web Login Page.
  • Under WLANs > Security > Layer 3:
    • All WLCs are configured for Layer 3 Security = None
    • All WLCs are configured with Web Policy enabled with Passthrough
    • Only the DMZ controllers have Over-ride Global Config enabled with Web Auth Type = Customized (Downloaded)

This setup enables wireless guest users to see the customised web auth screen and click an accept button before being given access to the network EXCEPT if they have javascript disabled in their web browser. If they have javascript disabled, they see only a default cisco splash screen with no login/accept button. The custom Web Auth screen only has an 'Accept' button and does not request or require username and password.

  1. Why do you recommend the Web Policy be set as Authentication rather than Passthrough?
  2. Should this be set on the internal Controllers as well as the DMZ ones?

Thanks.

Paul

0 Helpful

Nicolas Darchis
Cisco Employee
Cisco Employee
In response to pmchandler

‎03-10-2011 10:38 PM

Paul,

nevermind Surendra's comment, it seems he missed the point of the question :-) Passthrough is fine since what you want is a splash page.

When having anchored SSID (one wlc in dmz and one inside the network), the SSID configuration has to be exactly identical, otherwise the anchoring will not work.

My question to you would be "why bother with javascript disabled ?" The Webauth page system does use javascript so it shouldn't be turned off.

pmchandler
Level 1
Level 1
In response to Nicolas Darchis

‎03-11-2011 01:27 AM

Hi Nicolas,

Many thanks for your response. I will ensure we configure the internal WLC the same as we have the external DMZ WLC for this SSID.

Regarding Javascript, the SSID is for guest users and so we have no control over how they configure the browsers on their wireless devices. For this reason, we would like to avoid seeing the default Cisco splash page (which although it asks you to log in, does not provide any way to do so) or we would like to know how to alter the text on the default Cisco splash page to notify users they need to enable Javascript to use this wireless network.

Do you know if either/both can be acheived?

Thanks,

0 Helpful

Nicolas Darchis
Cisco Employee
Cisco Employee
In response to pmchandler

‎03-11-2011 01:31 AM

As far as I know Javascript is a requirement for clients and it's impossible to modify the default splash page, especially because it's default so it's not accessible.

One thing I'm not sure about is if "security->web auth->web login page" menu on the wlc allows to configure a custom message on the default page for passthrough. it works for authentication but not sure for passthrough. Should be easy to try it out though.

Nicolas

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card