ISE wireless web authentication for guest management not redirecting

Similar Messages

• RADIUS Authentication for Guest users

  Hi,
  I currently use a 4402 WLC located in our DMZ to authenticate Guest users - local authentication is in place.  I would not like to setup RADIUS authentication via a Cisco NAC server.  In order not to affect current guest users, I created a new WLAN and configured with RADIUS server details under WLANs->Edit->Security.  I can associate to new WLAN and obtain a DHCP address no problem, but when I browse to an external website, I do not get prompted for authentication from the RADIUS server.  I don't see any auth requests hitting our firewal, so am assuming the problem is with the WLC config.
  Can anyone provide any details of what config is required?
  Security Policy - Web-Auth
  Security-> L2 - None
  Security-> L3 - Authentication
  Security-> AAA Servers - Auth and Acc server set
  Many thanks
  Liam

  your setup sounds pretty okay. have you got local user accounts set up on the WLC for the test WLAN? if you do, check to see that the priority order for web authentication for the test WLAN prefers the AAA account. you will have to do it directly on your controller as i do not think you have that option in WCS.
  hope that helps

• NAC guest server with RADIUS authentication for guests issue.

  Hi all,
  We have just finally successfully installed our Cisco NAC guest server. We have version 2 of the server and basically the topology consists of a wism at the core of the network and a 4402 controller at the dmz, then out the firewall, no issues with that. We do however have a few problems, how can we provide access through a proxy without using pak files obviously, and is there a way to specify different proxies for different guest traffic, based on IP or a radius attribute etc.
  The second problem is more serious; refer to the documentation below from the configuration guide for guest nac server v2. It states that hotspots can be used and the Authentication option would allow radius authentication for guests, I’ve been told otherwise by Cisco and they say it can’t be done, has anyone got radius authentication working for guests.
  https://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html
  -----START QUOTE-----
  Step 7 From the Operation mode dropdown menu, you can select one of the following methods of operation:
  •Payment Provider—This option allows your page to integrate with a payment providing billing system. You need to select a predefined Payment Provider from the dropdown. (Refer to Configuring Payment Providers for details.) Select the relevant payment provider and proceed to Step 8.
  •Self Service—This option allows guest self service. After selection proceed to Step 8.
  •Authentication—This option allows RADIUS authentication for guests. Proceed to Step 9.
  ----- END QUOTE-----
  Your help is much appreciated on this, I’ve been looking forward to this project for a long time and it’s a bit of an anti climax that I can’t authenticate guests with radius (We use ACS and I was hoping to hook radius into an ODBC database we have setup called open galaxy)
  Regards
  Kevin Woodhouse

  Well I will try to answer your 2nd questions.... will it work... yes.  It is like any other radius server (high end:))  But why would you do this for guest.... there is no reason to open up a port on your FW and to add guest accounts to and worse... add them in AD.  Your guest anchor can supply a web-auth, is able to have a lobby admin account to create guest acounts and if you look at it, it leaves everything in the DMZ.
  Now if you are looking at the self service.... what does that really give you.... you won't be able to controll who gets on, people will use bogus info and last but not least.... I have never gotten that to work right.  Had the BU send me codes that never worked, but again... that was like a year ago and maybe they fixed that.  That is my opinion.

• Wireless Web authentication timeout

  Hello, our wireless web authentication is usually timing out after half an hour of inactivity. How can i increase it so people do not need to reauthenticate after 30 min of inactivity?
  Thanks in advance.

  It's in the WLAN definition on the Advanced tab.

• Using weblogic as web server for Enterprise Manager can someone pls help?

  hello,
  can i have your help on this?
  i want to use Weblogic as web server instead of apache in the structure of Enterprise Manager 10g R3?
  have any of you try this? can someone please provide me some link related to how to configure Weblogic as web server for Enterprise Manager.
  Many thanks in advance
  Cheers,
  Cosmin

  You'll probably have better luck posting in the Enterprise Manager forum:
  Enterprise Manager

• Using Weblogic as web server for Enterprise Manager 10g R3?

  hello,
  can i have your help on this?
  i want to use Weblogic as web server instead of apache in the structure of Enterprise Manager 10g R3?
  have any of you try this? can someone please provide me some link related to how to configure Weblogic as web server for Enterprise Manager.
  Many thanks in advance
  Cheers,
  Cosmin

  Im dont think its possible to do this with enterpise manager (Dbcosole), It might be possible with GRID .. have a look here
  http://www.oracle.com/technology/products/wag/index.html

• WLC to ISE authentication for Guest

  Hi Experts,
  Hope if you could guide me with our setup for Guest users. Below is what we are doing
  a)     Guest connects to SSID
  b)     WLC is being used to redirect Guest HTTP to WLC internal Portal
  c)     WLC forwards guest authentication details to cisco ISE [ISE and WLC radius]
  The guest connects to SSID and does get WLC portal for authentication, when the username and password entered on Cisco ISE i see error message as
  'User Identity not found in any of Identity Store' though it is going through correct Store and the Guest name is certainly configured on Cisco ISE. ISE version is 1.2 and WLC is 7.4, please let me know if i am missing anything here.
  Appreciate your help

  The first method is local web authentication. In this case, the WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Services Engine (ISE) or NAC Guest Server (NGS)) is required as the portal provides features such as device registering and self-provisioning. The flow includes these steps:
  Please follow below guide for step by step configuration:
  http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

• Generate one time authentication for Guest on Cisco WLC

  Hi All
  Sorry for my question, because I just started to work with Cisco WLC.
  I have created some WLAN for local users with authentication by 802.1x + Radius by certificate.
  For Guest I used PSK with MAC-filtering.
  But I see that is not comfortable for Guests, each time they come and want to access our wireless, we have to come and get their MAC.
  I checked on Internet and find that the wireless solution for Hotel, Resorts are very easy.
  I also googled and see that Cisco WLC support Lobby Ambassador to generate Guest username/password. But as I checked, this username/password might only use with Web-Auth, this method is not comfortable for Guest who don't know they have to go to Web-Auth to do authentication (e.g: when they only get pop3 email, or vpn, ... not use browsers)
  Could I use this method (or another method) for creating one time Guest wireless username/password or Guest PSK that can be used for authentication when Guests click to Wireless-SSID name only (no need to open web browser to do Web-Auth).
  Regards
  Hai

  Hi Choudhary
  Thank you much for your information
  Could I reconfirm about my concern.
  With Cisco WLC, I can use WebAuth with Guest user only
  If I want to use Guest user for authentication when guests connect to SSID (not by WebAuth, I means use Layer 2 security only, not Layer 3), I will have to use additional Radius Server.
  And if I understand right, could you please recommend me software based Radius Server with support generate one time username/password for Guest, because I checked IAS/NPS on windows server may not have this function (ISE is not appropriate for us at this time, due to high expense)
  Regards
  Hai

• The Web Agent for IIS will not work

  Environment: NT4 Server, IIS4
  I try to install the Web Agent in use with IIS but IIS fails to load the dll. After the installation I can read the event-log :
  The HTTP server was unable to load the ISAPI Application 'C:\Oracle\Ora81\ord\web\bin\wsciis81.dll'. The data is the error.
  And the Browser gives me:
  A dynamic link library (DLL) initialization routine failed.
  What can be wrong?

  Note: On Windows NT, use \ instead of / to separate file system directory
  paths.
  1. Check the Web Agent's log file.
  Look in <oracle_home>/ord/web/logs for a log file in the form
  wsc_<yyyymmdd>_<pid>.log. If the file exists, review it for errors,
  then take the necessary action to remedy the problem. Possible
  problems that might be logged are non-recoverable errors in the Web
  Agent's configuration file <oracle_home>/ord/web/admin/wsc.cfg. If the
  configuration file or the <oracle_home>/ord/web directory hierarchy
  doesn't exist, then re-do the installation.
  2. Check the Web Agent's "last-chance" error log file.
  If the <oracle_home>/ord/web/logs directory exists, but there are no
  log files, check in the %SystemRoot% directory on Windows NT or the
  /tmp directory on Unix for a file named wsclstch.err. This is the Web
  Agent's "last-chance" error log file. The Web Agent will try to write
  to this file if it encounters a fundamental startup error, such as a
  problem initializing CORE or NLS, creating a log file, or opening its
  message file. If the file exists, review it for errors, then take the
  necessary action to remedy the problem. (In a command window on
  Windows NT, type set SystemRoot to find where the wsclstch.err file
  would be written.)
  3. Check the web server configuration.
  If the Web Agent failed to create either its normal log file or its
  "last-chance" error log file, verify that the Web Agent has been
  configured correctly for the particular web server being used and that
  the web server is running.
  o Microsoft IIS
  Use the Internet Service Manager to verify that IIS has been
  configured correctly for the Web Agent. Review the installation
  and configuration instructions in the wsciis.html or wsciis.txt
  files to verify that the Web Agent has been configured correctly
  and to make any changes or fixes necessary. Check that the filter
  is up and running and that the virtual path has been configured.
  To check the filter, select the web site, then click the
  properties button (or right-click the web site icon). Select the
  Filters tab. The Web Agent should appear in the list with a green
  up-arrow. If it appears with a red down-arrow, check the Windows
  NT event log for any errors relating to the Web Agent. IIS
  doesn't always write detailed error messages. For example, if a
  DLL used by the Web Agent can't be located, then IIS typically
  logs the fact that a load error occurred along with the message
  "the data was the error". Note that the installation and
  configuration instructions describe the case where the filter
  must be installed manually if there were no existing filters
  registered at the time the Web Agent for IIS was installed.
  If the filter looks OK, check the oracle_intermedia_bin virtual
  path by clicking the properties button (or right-click the
  virtual path icon). The path should reference the
  <oracle-home>\ord\web\bin directory, which should contain the
  wsciis81.dll file. In the properties window, select the directory
  security tab, then click the anonymous access and authentication
  control button. Verify that Basic authentication has been checked
  and that Windows NT challenge/response has been cleared.
  To function correctly, the Oracle8i home must be specified
  correctly for IIS. Use the Oracle Home Selector to verify that
  the Oracle8i home is specified as the default home. Use the
  System Control Panel to verify that the Oracle8i home /bin
  directory is specified prior to any other Oracle homes in the
  PATH environment variable.
  null

• Authentication for Guest Access

  Hi, we are looking for a solution for either automated daily creation of guest user accounts or a console for clients enter their details which in turn creates the guest account on the controller.
  If we go down the path of automation, policy requires a single username/password for each day, unfortuntely WLC scheduled guest account creation is not an option as the reocurrence doesn't change the password, but it would be a handy feauture if Cisco would like to introduce it in a future release
  The CLI has the option to create 'config netuser add [name] [password] WLANID [X] userType guest lifetime [seconds]' - Can we schedule and email this from the CLI on the controller?
  Appreciate your time.
  Brendan

  Brendan,
  Currently there is no way to automate this process. The process that has been developed is either an admin on the wlc/wcs creates the account or the use of the lobby admin feature. WCS has the lobby admin feature also to create accounts but it isn't intended for guest users to create their own account.
  The wlc doesn't have a schedule to enter a command via the cli, but I bet you can developer some web base guest creation that would send the command to the wlc and remember that command to remove it later.
  Sent from Cisco Technical Support iPhone App

• HP B500 Wireless Bluethooth Adapter for HP Printer Not Working With Windows 8.1

  I have been using the HP BT500 bluetooth Wireless adapter to print wirelessly to my HP Officejet Pro 8500 printer.  I have been using Windows Vista, but recently upgraded to Windows 8.1.  I learned after the upgrade that the HP B500 wireless bluetooth adapter is not compatable with Windows 8.1.  I have attempted to find a driver upgrade for the B500, but there does not appear to be one available.  I have also searched the HP site and other sites in an attempt to locate an alter wireless blotth adapter to replace the B500, but have again been unable to locate one. 
  Is there a wireless bluetooth apter that will allow me to print wirelessly to my HP Office Pro 8500 from my laptop?

  Hi @Raider83,
  Welcome to the HP Forums!
  I noticed that your HP B500 wireless bluetooth adapter for your HP Officejet 8500 is not working with Windows 8.1. I am sorry to hear this but happy to look into this for you!
  I am not sure if you are using a 32-bit or 64-bit Operating System. But sometimes with Windows 8.1 you can use compatibility mode to install an older version of the driver. Which might help the situation. Here is a link to some other Windows drivers, HP bt500 Bluetooth USB 2.0 Wireless Adapter Drivers.
  Once you got a driver downloaded, follow this guide, Make older programs compatible with this version of Windows, on how to install it using compatibility mode.  It is not guaranteed to work, but it is worth a try!
  If you still need me to look for other bluetooth adapters, please respond with your printer's Product/Model Number. To find your printer's Product/Model Number follow instructions in this link. Finding Your HP Product Model Number. As there are multiple HP Officejet 8500 printers.
  Thank you for posting, and have a nice day!
  RnRMusicMan
  I work on behalf of HP
  Please click “Accept as Solution ” if you feel my post solved your issue, it will help others find the solution.
  Click the “Kudos Thumbs Up" to say “Thanks” for helping!

• Cisco ISE Local Web Authentication via Switch

  Hello,
  I have Cisco ISE 1.2 and I need local webauthentication for clients.
  I want to send webauthentication link via switch.
  I made a research for it but I meet ACS documents :
  http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/WebAuth/WebAuth_Dep_Guide.html#wp393321
  and ISE central webauthentication documents for it.
  Is there local webauth in ISE via switch?
  Thanks,
  Alparslan

  Hello Alparslan,
  Please check the following link,
  http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html

• Web Page for Guest Wireless

  Hi.
  I was wondering if someone could help me with the easiest way to set up a Web Page to control Guest Wireless access on Cisco AP 1130AG.
  I was using PEAP and Dot1x to Active Directory but the messing around required on some clients (namely XP and Vista) means it is not ideal for random and unexpected guests.
  How can I set up an Open Authentication method (or whatever I need) that then defaults to a web page or logon page for access to the network itself? I have seen this in other companies so it must be do-able.
  Just for information a standard WPA2 key for the SSID is insufficient as we want a logon page and user credentials that are changeable.
  I hope someone can help.

  Are you using the AP with a lightweight controller, or standalone (autonomous)?
  The lightweight controllers have this capability. Standalone APs do not.

• Cisco Ise Central Web authentication not working

  Hello Guys,
  CWA is not working. It says that authentication suceeded but posture status is pending. No error in my Monitor--authentication. Checking it in my Windows 7, it does not shows the CWA portal.
  What might be the possible problem of this.?
  thanks

  Kindly review the below links:
  http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml
  http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bead09.shtml

• Impliment SAP Authentication for Translation manager BI 4.0

  Hello Experts,
  We are using SAP Authentication type  to logon and to create the reports.The reports are created now.We would need to have these reports translated using Translation Manager (TM) but they have provided a user name on Enterprise login.
  But when we try to import the reports it is getting failed and giving an error "InitInitilization Java" exception .
  As when the clinet tool TM is opened it is not showing the SAP authentication it has (Enterprise,Windows AD,LDAP,Standalone) and no SAP.
  So can you suggest about how to have the SAP login for TM also.We are using BI 4.0 SP 2.7.Reports are created using BEX as back end.
  thanks in advance
  Lekshmi

  Hi Lekshmi,
  In your Translation Manager web.xml look for Authentication.default and set sso.sap.primary and set the values as
  <context-param>
    <param-name>authentication.default</param-name>
    <param-value>secSAPR3</param-value>
    </context-param>
  <context-param>
    <param-name>sso.sap.primary</param-name>
    <param-value>true</param-value>
    </context-param>
  Thanks,
  Sravanthi