Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2149
Views
20
Helpful
6
Replies

WLC 9800-40 Click to Accept Webpage

Go to solution
scottsassin
Level 1
Level 1

‎04-07-2021 02:05 PM - edited ‎07-05-2021 01:07 PM

We have an open wireless network, with no security.

We want to implement a Click-to-Accept page, when a client connects. Once the client clicks the accept button, we want them to be redirected to a website.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Grendizer
Cisco Employee
Cisco Employee
In response to scottsassin

‎04-22-2021 11:48 AM

Can you check your config:

Configuration > Security > Web Auth > global

make sure you set the Virtual IPv4 Address "for example 192.0.2.1"

and you can create another Parameter Map and select Type = consent and any other options

after that, go to Configuration > Tags & Profiles > WLANs

Click on your SSID

go to Security > Layer 2 = none

Layer 3 Web Policy checked

WebAuth Parameter map = select the one you created with consent

a few notes:

Code prior 17.3:

If you limit the GUI Admin access to just https this will cause problems for the WebAuth, meaning, if we have:

no ip http server

ip http secure-server

then the http access for WebAuth will not accept http traffic only https,

Most today’s client’s devices (Smartphones or PCs) have a way to check that using their hidden websites to check connectivity, for example, Apple iPhone will check with Apple website dedicated for this purpose (http://captive.apple.com/hotspot-detect.html) to present to the user the login portal (AUP portal), same thing for Firefox, (http://detectportal.firefox.com/success.txt) this is done by http traffic, and if you disabled that as in above then you will not see a popup window.

17.3 code and after:

Starting from 17.3.1 we have new cli commands to enable/disable http/https on the WebAuth, this was listed here in the release notes:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/release-notes/rn-17-3-9800.html

we can have that http to Admin (Device Management) disabled and we can enable http if we want to the WebAuth using:

webauth-http-enable

from the "global" parameter map.

View solution in original post

6 Replies 6

Go to solution
Rasika Nayanajith
VIP
VIP

‎04-07-2021 04:04 PM

Pls see below document, that will help you to set it up

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213923-configure-a-web-authentication-ssid-on-c.html 

 

HTH

Rasika

*** Pls rate all useful responses ***

Go to solution
scottsassin
Level 1
Level 1
In response to Rasika Nayanajith

‎04-22-2021 10:12 AM

I followed the document, but can't seem to have the web page pop up, upon connecting.

0 Helpful

Go to solution
Grendizer
Cisco Employee
Cisco Employee
In response to scottsassin

‎04-22-2021 11:48 AM

Can you check your config:

Configuration > Security > Web Auth > global

make sure you set the Virtual IPv4 Address "for example 192.0.2.1"

and you can create another Parameter Map and select Type = consent and any other options

after that, go to Configuration > Tags & Profiles > WLANs

Click on your SSID

go to Security > Layer 2 = none

Layer 3 Web Policy checked

WebAuth Parameter map = select the one you created with consent

a few notes:

Code prior 17.3:

If you limit the GUI Admin access to just https this will cause problems for the WebAuth, meaning, if we have:

no ip http server

ip http secure-server

then the http access for WebAuth will not accept http traffic only https,

Most today’s client’s devices (Smartphones or PCs) have a way to check that using their hidden websites to check connectivity, for example, Apple iPhone will check with Apple website dedicated for this purpose (http://captive.apple.com/hotspot-detect.html) to present to the user the login portal (AUP portal), same thing for Firefox, (http://detectportal.firefox.com/success.txt) this is done by http traffic, and if you disabled that as in above then you will not see a popup window.

17.3 code and after:

Starting from 17.3.1 we have new cli commands to enable/disable http/https on the WebAuth, this was listed here in the release notes:

https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/release-notes/rn-17-3-9800.html

we can have that http to Admin (Device Management) disabled and we can enable http if we want to the WebAuth using:

webauth-http-enable

from the "global" parameter map.

Go to solution
doyejide1
Level 1
Level 1
In response to Grendizer

‎10-03-2022 10:55 PM

Thank you for the very useful configurations. I have configured as directed and all my devices EXCEPT iPhones appear to be working as expected. Is there a special configuration for iPhones or Apple devices in general?

For my iPhone, upon selecting the SSID, there is no pop-up page. I have to go to my browser and try to get on the Internet, at that point I'm redirected to the portal page.

Has anybody experienced this? Can anyone help?

0 Helpful

Go to solution
Grendizer
Cisco Employee
Cisco Employee
In response to doyejide1

‎10-04-2022 12:05 PM

Check if you have "Captive Bypass Portal" enabled or checked in the parameter map, if it's unchecked then let me ask you, is this with ISE 3.1? if so, just install patch 3 or 4 because it has a fix for that.

Go to solution
doyejide1
Level 1
Level 1

‎10-04-2022 12:10 PM

Thank you. Unchecking "Captive Bypass Portal" fixed it. We are on ISE 3.1 patch 3.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card