cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2933
Views
20
Helpful
6
Replies

WLC 9800-40 Click to Accept Webpage

scottsassin
Level 1
Level 1

We have an open wireless network, with no security.

We want to implement a Click-to-Accept page, when a client connects. Once the client clicks the accept button, we want them to be redirected to a website.

1 Accepted Solution

Accepted Solutions

Can you check your config:

Configuration > Security > Web Auth > global

make sure you set the Virtual IPv4 Address "for example 192.0.2.1"

and you can create another Parameter Map and select Type = consent and any other options

after that, go to Configuration > Tags & Profiles > WLANs

Click on your SSID

go to Security > Layer 2 = none

Layer 3 Web Policy checked

WebAuth Parameter map = select the one you created with consent

a few notes:

Code prior 17.3:

If you limit the GUI Admin access to just https this will cause problems for the WebAuth, meaning, if we have:

no ip http server

ip http secure-server

then the http access for WebAuth will not accept http traffic only https,

Most today’s client’s devices (Smartphones or PCs) have a way to check that using their hidden websites to check connectivity, for example, Apple iPhone will check with Apple website dedicated for this purpose (http://captive.apple.com/hotspot-detect.html) to present to the user the login portal (AUP portal), same thing for Firefox, (http://detectportal.firefox.com/success.txt) this is done by http traffic, and if you disabled that as in above then you will not see a popup window.

17.3 code and after:

Starting from 17.3.1 we have new cli commands to enable/disable http/https on the WebAuth, this was listed here in the release notes:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/release-notes/rn-17-3-9800.html

we can have that http to Admin (Device Management) disabled and we can enable http if we want to the WebAuth using:

webauth-http-enable

from the "global" parameter map.

View solution in original post

6 Replies 6

Pls see below document, that will help you to set it up

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213923-configure-a-web-authentication-ssid-on-c.html 

 

HTH

Rasika

*** Pls rate all useful responses ***

I followed the document, but can't seem to have the web page pop up, upon connecting.

Can you check your config:

Configuration > Security > Web Auth > global

make sure you set the Virtual IPv4 Address "for example 192.0.2.1"

and you can create another Parameter Map and select Type = consent and any other options

after that, go to Configuration > Tags & Profiles > WLANs

Click on your SSID

go to Security > Layer 2 = none

Layer 3 Web Policy checked

WebAuth Parameter map = select the one you created with consent

a few notes:

Code prior 17.3:

If you limit the GUI Admin access to just https this will cause problems for the WebAuth, meaning, if we have:

no ip http server

ip http secure-server

then the http access for WebAuth will not accept http traffic only https,

Most today’s client’s devices (Smartphones or PCs) have a way to check that using their hidden websites to check connectivity, for example, Apple iPhone will check with Apple website dedicated for this purpose (http://captive.apple.com/hotspot-detect.html) to present to the user the login portal (AUP portal), same thing for Firefox, (http://detectportal.firefox.com/success.txt) this is done by http traffic, and if you disabled that as in above then you will not see a popup window.

17.3 code and after:

Starting from 17.3.1 we have new cli commands to enable/disable http/https on the WebAuth, this was listed here in the release notes:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/release-notes/rn-17-3-9800.html

we can have that http to Admin (Device Management) disabled and we can enable http if we want to the WebAuth using:

webauth-http-enable

from the "global" parameter map.

Thank you for the very useful configurations. I have configured as directed and all my devices EXCEPT iPhones appear to be working as expected. Is there a special configuration for iPhones or Apple devices in general?

For my iPhone, upon selecting the SSID, there is no pop-up page. I have to go to my browser and try to get on the Internet, at that point I'm redirected to the portal page.

Has anybody experienced this? Can anyone help?

Check if you have "Captive Bypass Portal" enabled or checked in the parameter map, if it's unchecked then let me ask you, is this with ISE 3.1? if so, just install patch 3 or 4 because it has a fix for that.

doyejide1
Level 1
Level 1

Thank you. Unchecking "Captive Bypass Portal" fixed it. We are on ISE 3.1 patch 3.

Review Cisco Networking for a $25 gift card