Guest Wireless with Web Portal

Similar Messages

• WLC - Geting Problem with Web Portal

  Hi,
  When enable the SSID that associate with web portal for guest user, the WLC found difficult to process and the system halt.Unable to get into the management ip for the WLC.
  However after disable that particular SSID, the system operates in well condition.
  FYI, we are running under version 5.0. Controller model -Wism.
  Please advice.

  I'm not sure if this is it or not, but it's in the release notes.
  CSCsm98250-After you upgrade the controller to software release 5.0, web authentication stops working, and you can no longer access the controller through HTTP or a Telnet or SSH session

• Locally switched Guest WLAN with Web Authentication

  I have a remote location that has its own internet pipe.  I have set up a new guest SSID and set to switch locally and changed the AP mode to Flex connect. When I connect to the new SSID, I get an IP address from the local LAN, but the Web redirection page will not load. Is this because the local LAN does not have a route to the WLC virtual interace of 1.1.1.1? Is there a way to tunnel just the web authentication portion of traffic and locally switch everything else?

  You are close in your understanding.
  If you want to use the web portal services on the WLC then you need to bring that traffic back to the WLC.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Guest wireless with WLC 2504, Catalyst 4510R+E and ASA 5510

  I need to add guest (internet only) wireless to our existing internal wireless and am looking for advice as to the best practice configuration. Existing infrastructure as follows:
  WLC 2504
  1142 LAPs
  4510R+E
  ASA 5510
  Existing configuration as follows:
  WLC management interface and APs addressed on the 192.168.126.0 /25 network
  Internal WLAN mapped to the management interface
  Management interface VLAN ID 0 (untagged) and dynamic AP management enabled
  WLC port 1 (only) connected to 4510 via trunk with native VLAN set to 7 and allowed VLAN set to 7
  4510 connected to ASA inside interface (security level 100)
  Switchport on 4510 connected to ASA configured as switchport access VLAN 99 (our internet VLAN)
  ASA inside interface NOT configured for subinterfaces and is addressed on the 192.168.121.0 /25 network
  What is the best way to add guest wireless to our existing configuration?
  Note: I need the guest wireless to be filtered by Websense as our internal wireless is
  Any advice would be greatly appreciated!

  Thank for the reply Scott. The configuration recommendations from Yahya did not work. I set up as he recommended and also added a dhcp scope on the wlc. Client gets dhcp but cannot even ping the wlc much less anything else. Yahya stated above to configure port 2 on the wlc to an access port on my 4510. Aren't all connections from the wlc supposed to be trunk links to the switch? Shouldn't I just leave the management interface on the wlc untagged and add a dynamic interface for each wlan and tag it with the approriate vlan id? And then leave the (one) physical connection on the wlc (port 1) connected to a trunk link on the 4510 that allows the required vlans?
  Any input would be greatly appreciated...
  JW

• Guest Anchor with web auth using ISE guest portal

  Hello All,
  Before launching into my exact issues, could anyone confirm if they have completed a wireless Guest anchor setup using 2504 controllers on 7.4 as the anchor (5508 is the foreign) with webauth external redirection at ISE 1.1.3 using ISE Guest Services?
  I am attempting this for an internal POC and have hit a couple of issues. Firstly I am looking for correct configuration confirmation prior to going in depth with a couple of the issues. I've been using the TrustSec 2.1 how to guides to build the parts I am not strong on so if anyone has actual completed this setup, I'd love to go through it with you.
  massive thanks to anyone that can assist.
  JS.

  Thanks for the reply RikJonAtk.
  so to start with, based on the trust sec documents, of the guest WLAN on the anchor I need to configure mac filtering at the layer 2 security menu as well as enable RADIUS NAC under the Advanced tab. But when I do this, I get an error message that states that mac filitering and RADIUS NAC cannot be enable at the same time.
  Additionally, if I just enable the RADIUS NAC setting under the Advanced tab in the WLAN, I get another error message that states that the priority order for Web-Auth can only be set for radius, so I go to the AAA server tab and send local and LDAP to the not use column and hit apply. If I move to another menu then check the priority order again under the AAA servers tab, the local and LDAP have been moved back to the menu field to be used again.  So I initially though it might be a bug, but I was hoping to find someone here that has done this already and can look at my issues and maybe walk me through their configs, which I'll mirror and see how it goes.
  Thanks in Advanced,
  JS

• Workflow integration with Web/Portal

  Hi All,
  I have been working on workflow front but only limited to R/3 front.
  Can anyone guide me as to steps involved for making worklfow capable of executing from Web or portal?
  Also would like to know what all things I should start to learn in order that I will be able to comfortably develop a small workflow scenario which can be executed from portal.
  e.g. I have heared about transactions SWFVISU,WF_EXTSRV QISRSCENARIO etc at various places. <b>But wanted to know step by step approach</b> (i.e whether I should look for SWFVISU first then WF_EXTSRV what are they exactly used for)and information about all the involved activities.
  Your any help is  appriciated.

  Hi Akshay,
  Coming to workflows that are executable in Enterprise Portal - Universal WorkList...
    -> Workitem calling a BSP Application.
    -> Workitem calling WD Application.
  I worked much on the second front, so lemme explain you something which I know. Instead of calling R/3 Based Form / Transaction as a workitem, you can call an Adobe Interactive Form / Webdnypro Application.The link between the Standard task and Webdnypro Application is done in <i><b>SWFVISU</b></i> Transaction.
  In the similar way, the ESS-Leave Service is also integrated(Leave Workitem calls the Leave WD Application). Please refer <i>WS12300111</i> template to get a fair idea.(Refer Leave Service Customizing in this link ... http://help.sap.com/saphelp_erp2004/helpdata/en/e6/ecec4082008631e10000000a1550b0/frameset.htm )
  To get idea of<b> ISR/PCR</b> Framework, please refer the following link
  <i>http://help.sap.com/saphelp_erp2004/helpdata/en/4e/3120386827c23ce10000009b38f842/frameset.htm</i>
  This <b>ISR/PCR</b> Framework involves Creation of Scenarios(in <b>QISRSCENARIO</b> txn),Development of Adobe Forms for the respective scenarios(in <b>SFP</b> txn.),related Workflow development and EP Content Development(IViews that call <b>IsrForm</b>,<b>IsrFormApprove</b> Standard WD Applications) to deploy these Forms in Enterprise Portal.
  Also refer this link for more info on ISR/PCR
  <i>https://websmp201.sap-ag.de/isr</i>
  For information about ADOBE FORMS DEVELOPMENT,Please refer the following links.
  <i>https://websmp201.sap-ag.de/adobe
  https://www.sdn.sap.com/irj/sdn?rid=/webcontent/uuid/21e4975d-0501-0010-1db9-8c45d832670a</i> [original link is broken]
  Please note that this ISR Framework requires import of ESS & MSS Business Packs on Enterprise Portal.
  For getting some idea about these ISR/PCR Based workflows, you can refer standard Workflows - <b>WS50000041</b> / <b>WS50000031</b>.
  And another way of developing the EP Based workflows are...
  Integrate the Custom WD Applications in our Workflows. I mean, the Custom WD Application that are developed using Java WD or ABAP WD are linked to a standard task using the <b>SWFVISU</b> Transaction.
  Coming to the BSP based stuff, we use WF_EXTSRV transaction to create a new Standard Task that calls the BSP Application(with all the required Import/Export Application Parameters).
  The <b>UNIVERSAL WORKLIST</b> in your Enterprise Portal must be configured in prior.
  I hope this information must be useful...
  Regards,
  <i><b>Raja Sekhar</b></i>
  Message was edited by: Raja Sekhar

• CIFS with WEB Portal

  I have a problem when I'm connected via WebVpn Portal on my ASA 8.0(2) to access to my shared folder.
  If i use with my cisco vpn client install on my computer i can access to my shared folder.
  Have you ever meet this problem?

  I think your wrong.
  I've already configured CIFS shared access on ASA 8.0(1) (without Anyconnect) like a resource on Webportal and it's working !
  And it was working with SSO on an active directory. The authentication used for the webportal was used for the CIFS share.
  The only problem I encountered was a bug (CIFS doesn't work after a certain time) which is fixed in 8.0(3) or 8.0(4).

• Wired guest vlan with ISE

  Hi all,
  For those that have travelled down the path of ISE, is it reliable to put the all switch ports into a guest vlan and rely on the NAM to change that of corporate users? We will be using the NAM any connect supplicant for corporate users, so they should automatically be changed into the corporate vlan on successful authentication. Is this correct and is this reliable?
  Testing now with all ports on the corporate vlan has guests still accessing the corporate vlan initially before they are changed by the java applet upon registering as a guest user.
  Thanks
  Sent from Cisco Technical Support iPad App

  I will try to answer all of your quesitons:
  1.     "With the standard port configuration, is it better to have the switch ports on vlan 40 (guest vlan) by default, and have the corporate users NAM supplicant change the vlan to 20 if successful, or the other way around and have the ports in default state on vlan 20 (corporate) and when a guest hits the web portal have their vlan changed to vlan 40"
            - I suppose the standard is to have the port in the regular/standard VLAN and only put failed           authentications in the guest VLAN. However, with that being said, it really depends on what you are           trying to accomplish, thus I suppose you could try doing it the other way around. I have never tested it nor           deployed it that way so I highly recommend you try that in the lab
  2.     "I wanted to know if the change of vlan for corporate users with NAM is reliable?"
            - Yes it is. Well at least for the most part Some "dumb" devices such as printers, badge readers, etc,           might not know that a VLAN was changed, thus never request a new IP address. As a result, they get           stuck in the guest VLAN. That is why I usually like to NOT use guest VLAN but send all failed           authentications through the guest portal. There you can control who is guest and who is not via dACLs.
  3.     " We also plan on implementing low impact mode, ie open authentication with a default ACL as there are things           like PXE booting that needs to happen"
            - So my guess is that the guest VLAN terminates on some interface such as FW DMZ. That interface           usually has some ACL that blocks all RFC 1918 and permits everything else. If that is the case and you           want to use Low-Impact mode, then you will need to grant the same access on the DMZ interface as the           one granted in the Low-Impact mode ACL otherwise things will break

• Need some help with running portals on BEA Portal Server...

  Hi
  I'm having a trouble with Bea Web Logic 9.2 portal server.
  Every time I start a new domain and deploy EAR with web portal everything works just fine.
  Than after some time (looks like it happens after new roles and users where added via Admin portal) server begins to show only empty pages when accessing my portals. Admin portal continue to work fine.
  The problem can be resolved only by creating new domain.
  Here is error shown in console (not sure if this error is connected to my issue)
  SEVERE: A miss configuration of portal detected.
  Page 'ps_page_main' doesn't exist in book 'ts_main_book', but is configured as default page
  Thanks in advance for any help

  If you guys have not run into such problem before, maybe you can just point me in the right direction have to investigating this issue by myself. I'm quite new with BEA and don't know even where to start looking.

• How to set up guest wifi network on 1200 series APs with disclaimer web portal?

  I've been thinking about this one for awhile. I want to set up a guest wifi network without any security (AES / TKIP) that allows guests to connect. Ideally, their web browser would be redirected to a web portal containing legal disclaimers, and they would need to accept the terms and conditions to use the guest wifi. I would also like to have them be required to visit the web portal again every 8 hours after that to accept the terms and conditions again.
  I have a Cisco 1240AG access point already. What else do I need to make this work?

  I don't believe you can do this just with an AP running in autonomous mode you would need to have a WLC to configure the splash page.
  Have a look here:
  http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70/c70users.html#wp1049273
  Alternatively you can use software running on a PC/Server. Something like http://www.antamedia.com/hotspot/
  Hope that helps!
  Matty

• Web Page for Guest Wireless

  Hi.
  I was wondering if someone could help me with the easiest way to set up a Web Page to control Guest Wireless access on Cisco AP 1130AG.
  I was using PEAP and Dot1x to Active Directory but the messing around required on some clients (namely XP and Vista) means it is not ideal for random and unexpected guests.
  How can I set up an Open Authentication method (or whatever I need) that then defaults to a web page or logon page for access to the network itself? I have seen this in other companies so it must be do-able.
  Just for information a standard WPA2 key for the SSID is insufficient as we want a logon page and user credentials that are changeable.
  I hope someone can help.

  Are you using the AP with a lightweight controller, or standalone (autonomous)?
  The lightweight controllers have this capability. Standalone APs do not.

• WLC 4402 - only present guest with web auth page once every (x) days

  Hi all,
  I am looking to migrate our guest wireless from a third-party system to the WLC.  Currently, we change our guest password (WPA2 PSK) every (x) days.  Each time the guest password is changed and connections are made with the new PSK, guests are redirected to a terms and conditions page which they must accept.  The MAC address is then cached and the page is not displayed again until we clear the MAC cache and change the PSK.
  I can almost replicate this with web auth in passthrough mode on the WLC, but it presents the guest with the terms and conditions page each time they reconnect to the WLAN, whether it be from roaming offsite or turning the wireless radio off then on.
  Is there any way to have the WLC replicate our current system, where a MAC is cached and the page is not displayed until some other event takes place (changing the PSK or clearing the cache?)
  Thanks!
  -P

  Wait ... Shaoqin, will the 7.5 code be released for the 4400 series controllers?  The current release is 7.0.240.0 - I see releases up to 7.4 on the 5500 series controllers
  Thanks
  -P

• WLC 2100 guest access with local web authentification

  Hello I tried to create a guest acces with local web authentification.
  My Laptop is connected to the Wlan but My Browser don't ask my login and password

  Please refer to the following links:
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/69340-web-auth-config.html
  http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/115951-web-auth-wlc-guide-00.html

• Web Based Registration for Guest Wireless Access

  I just started a project to make a guest wireless network available at every site in my enterprise.  Guest wireless networks are currently available at some sites.  Two key goals of this project is to enable WPA/WPA2 encryption and to develop a web based registration/autentication solution.  All of the sites have a mixture of 1230, 1240, and 1250 autonomous access points.  What do I need to do/get in order to make this happen?

  You should get a WLC and upgrade the 1240 and 1250 and replace the 1230's if they are in remote sites.
  The WLC has a Webauth feature that is great. You can define users on the WLC also if you wish.
  Guest access should always be open authentication with the use of a Webauth page. This makes it easy and you won't have to help manage guest access. Autonomous ap's and to have a splash page will require a 3rd party software or you can use a Cisco NAC guest server.
  Search for Cisco Wireless Guest Access or Webauth and you will see many docs on this type of setup.
  Sent from Cisco Technical Support iPhone App

• Guest ssid with anchor controller and Web policy

  We have a WLC4404 and and anchor controller WLC4402 to provide guest access to the wifi net. We configured both in the same mobility group, and the guest ssid to attach to the mobility anchor 4402. All is working fine until we enable the web policy authentication on the 4402. In this case the client join the guest ssid but neither get an ip address from the dhcp server nor go anywhere. Is we disable the web authentication all works fine again. We are runnig 4.0.206.0 on both WLC. Anyone can help us?

  Two things you might check. (1) The 4404's mobility anchor should point to the 4402, and the 4402 should anchor to itself. (2) Make sure you are configuring the same security policy for the SSID on both the 4402 and 4404. So if the SSID is "guest" and you turn on web authentication on the 4402, make sure "guest" is on the 4404 with web authentication. We are using a similar setup for guest access at several sites.