04-07-2021 02:05 PM - edited 07-05-2021 01:07 PM
We have an open wireless network, with no security.
We want to implement a Click-to-Accept page, when a client connects. Once the client clicks the accept button, we want them to be redirected to a website.
Solved! Go to Solution.
04-22-2021 11:48 AM
Can you check your config:
Configuration > Security > Web Auth > global
make sure you set the Virtual IPv4 Address "for example 192.0.2.1"
and you can create another Parameter Map and select Type = consent and any other options
after that, go to Configuration > Tags & Profiles > WLANs
Click on your SSID
go to Security > Layer 2 = none
Layer 3 Web Policy checked
WebAuth Parameter map = select the one you created with consent
a few notes:
Code prior 17.3:
If you limit the GUI Admin access to just https this will cause problems for the WebAuth, meaning, if we have:
no ip http server
ip http secure-server
then the http access for WebAuth will not accept http traffic only https,
Most today’s client’s devices (Smartphones or PCs) have a way to check that using their hidden websites to check connectivity, for example, Apple iPhone will check with Apple website dedicated for this purpose (http://captive.apple.com/hotspot-detect.html) to present to the user the login portal (AUP portal), same thing for Firefox, (http://detectportal.firefox.com/success.txt) this is done by http traffic, and if you disabled that as in above then you will not see a popup window.
17.3 code and after:
Starting from 17.3.1 we have new cli commands to enable/disable http/https on the WebAuth, this was listed here in the release notes:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/release-notes/rn-17-3-9800.html
we can have that http to Admin (Device Management) disabled and we can enable http if we want to the WebAuth using:
webauth-http-enable
from the "global" parameter map.
04-07-2021 04:04 PM
Pls see below document, that will help you to set it up
HTH
Rasika
*** Pls rate all useful responses ***
04-22-2021 10:12 AM
I followed the document, but can't seem to have the web page pop up, upon connecting.
04-22-2021 11:48 AM
Can you check your config:
Configuration > Security > Web Auth > global
make sure you set the Virtual IPv4 Address "for example 192.0.2.1"
and you can create another Parameter Map and select Type = consent and any other options
after that, go to Configuration > Tags & Profiles > WLANs
Click on your SSID
go to Security > Layer 2 = none
Layer 3 Web Policy checked
WebAuth Parameter map = select the one you created with consent
a few notes:
Code prior 17.3:
If you limit the GUI Admin access to just https this will cause problems for the WebAuth, meaning, if we have:
no ip http server
ip http secure-server
then the http access for WebAuth will not accept http traffic only https,
Most today’s client’s devices (Smartphones or PCs) have a way to check that using their hidden websites to check connectivity, for example, Apple iPhone will check with Apple website dedicated for this purpose (http://captive.apple.com/hotspot-detect.html) to present to the user the login portal (AUP portal), same thing for Firefox, (http://detectportal.firefox.com/success.txt) this is done by http traffic, and if you disabled that as in above then you will not see a popup window.
17.3 code and after:
Starting from 17.3.1 we have new cli commands to enable/disable http/https on the WebAuth, this was listed here in the release notes:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/release-notes/rn-17-3-9800.html
we can have that http to Admin (Device Management) disabled and we can enable http if we want to the WebAuth using:
webauth-http-enable
from the "global" parameter map.
10-03-2022 10:55 PM
Thank you for the very useful configurations. I have configured as directed and all my devices EXCEPT iPhones appear to be working as expected. Is there a special configuration for iPhones or Apple devices in general?
For my iPhone, upon selecting the SSID, there is no pop-up page. I have to go to my browser and try to get on the Internet, at that point I'm redirected to the portal page.
Has anybody experienced this? Can anyone help?
10-04-2022 12:05 PM
10-04-2022 12:10 PM
Thank you. Unchecking "Captive Bypass Portal" fixed it. We are on ISE 3.1 patch 3.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide