SCE 2000 3.6.5 - Web Redirection

any known bugs in the version 3.6.5 while redirecting a user to a website?
the  IE is indicating websitefound and waiting for reply with a blank page.
the package is configured to block all flows and redirect the user to a website..

The only place I see block and redirect is the Default package and I done see any other service allowed. You need to allow the redirection url as a special service. I see it created but take it out an allow it here in this package.
*.dealer.e.net.kw:/*
*.knetpay.com.kw:/*
*.madacare.com.kw:/*
These URL's are not in the Flavor you defined. put all of them in and allow them.
the other package which had redirection attached to it, I see the redirection url specified but not all allowed url's are in that flavor.
what is your exit strategy once the user hits the redirection site?
at this time it seems like anything the user does you are redirecting him and it will alway be redirected with no exit clause.
You will see the "until subscriber browses to" you need to use this to kill the redirection loop and let the customer come out of the redirection gracefully.

Similar Messages

  • Web Redirect is not working

    Hello,
    We configured the web authentication in wlc 5508with ISE for the guest traffic. When client tries to connect it redirects to the different URL. That means the specified URL (that is default redirection page of ISE) 'https://<ISE IP>:8443/guestportal/portal.jsp'  but client is getting redirected to
    'https://<ISE>:8443/guestportal/login.action?switch_url=https://<virtual IP>/login.html&wlan...'. And finally page cannot be displayed now error message i am getting.
    Why it happens..? Any quick help would be really appreciated
    Moreover i have doubts on the below points.
    1) Should both the Anchor and the foriegn controllers be configured for web auth security or only anchor ..?
    2) When external web redirection, the client has to get the DNS resolved entry for the Specified URL or WLC knows to take it to the external web page..?
    3) Any special configuration has to be done on ISE?
    Thanks for your time
    KVS
    Message was edited by: Prasan Venky

    Hello,
    How to Make an External (Local) Web Authentication Work with an External Page
    As already briefly explained, the utilization of an external WebAuth       server is just an external repository for the login page. The user credentials       are still authenticated by the WLC. The external web server only allows you to       use a special or different login page. Here are the steps performed for an       external WebAuth:
    The client (end user) opens a web browser and enters a           URL.
    If the client is not authenticated and external web authentication is           used, the WLC redirects the user to the external web server URL. In other           words, the WLC sends an HTTP redirect to the client with the website's spoofed           IP address and points to the external server IP address. The external web           authentication login URL is appended with parameters such as the           AP_Mac_Address, the client_url (www.website.com), and the action_URL that the customer needs           to contact the switch web server.
    The external web server URL sends the user to a login page. Then the           user can use a pre-authentication access control list (ACL) in order to access           the server. The ACL is only needed for the Wireless LAN Controller 2000           series.
    The login page takes the user credentials input and sends the request           back to the action_URL, such as http://1.1.1.1/login.html, of           the WLC web server. This is provided as an input parameter to the customer           redirect URL, where 1.1.1.1 is the virtual interface address on the           switch.
    The WLC web server submits the username and password for           authentication.
    The WLC initiates the RADIUS server request or uses the local           database on the WLC, and then authenticates the user.
    If authentication is successful, the WLC web server either forwards           the user to the configured redirect URL or to the URL the client           entered.
    If authentication fails, then the WLC web server redirects the user           back to the customer login URL.
    Note: If the access points (APs) are in FlexConnect mode, a           preauth ACL is irrelevant. Flex ACLs can be used to allow           access to the web server for clients that have not been authenticated.
    For more details, please refer to the following:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_tech_note09186a0080bf7d89.shtml#redirect

  • Layer 3 Web redirect without MD DNS Server

    Hello there
    Actually, I want to configure layer 3 web redirect and i dont have any DNS server. I tried to use the core switch to resolve the name into ip through the comment ip host webauth 1.1.1.1 but it did not work, I am using the DHCP currently local on the controller any suggestions?
    Thanks,
    Elie

    Can you elaborate on what you are trying to do?
    Unless you've specified a DNS name on your Virtual Interface, webauth with redirect the client to the IP address of your Virtual Interface. Generally speaking you only put a DNS name on the Interface if you are using a certificate... For you to have a valid certificate, I would suspect it has a valid domain, and therefor you should be able to make a DNS entry global for that domain pointing webauth.domain.com  back to 1.1.1.1...... 
    But if all you're trying to accomplish is webauth without a dns lookup resolving 1.1.1.1, then this should already be in place if you haven't put a name on the Virtual Interface.

  • Guest Anchor - Web Passthrough - Apple device web redirect issue

    Hi All,
    I've setup a Guest Mobility Anchor at DMZ with 5508 WLC. I've setup the EoIP mobility tunnel and everything works so far.
    Now, I was testing multiple clients to connect to the Guest SSID and observed that Apple devices are not redirecting url, resulting unsuccessful connection.
    I looked Cisco docs and added the command "config network web-auth captive-bypass enable" on the Anchor as recommended.
    Even after executing the command, I'm still facing web redirect issue with Apple Devices. I don't have any issues with other devices, except Apple.
    My controller running code AirOS 7.6.130.0. I'm using DMZ controller as DHCP server for Guests and public DNS servers as 8.8.8.8 & 8.8.4.4
    How to solve this web redirect issue? Will a Third-party generated CSR solves the problem?
    Thanks,
    CJ

    Hi All,
    The issue was with WISPr Protocol with iOS Clients. After upgrading the AirOS Code on the controller to 8.0.100.0; the issue with Web Redirect is resolved.
    Jagan

  • Web-redirect to external radius not wokring on some browsers for Guest SSID

    Hi,
    We are using Cisco 5760 with 3.7, and the guest SSID doesn't perform web-redirect to external radius (cisco NAC appliance), for some browsers. Although the same works on Cisco 5508 and 4402 WLC with the same NAC appliance for all browsers.
    working browsers: IE9.0 and IE 11.0
    Non-working: Chrome all versions, Firefox all versions, Safari all versions.
    Can anyone provide some help if they have seen  this issue before.?

    You need to check the compatibility guide of Cisco WLC and check if those browsers are supported or not.

  • Two SCE 2000s sharing the same Collection Manager?

    Does anyone know if two seperate SCE 2000 devices can share a collection manager, or do they each need a seperate CM?  If they can shere, is  there any specal setup on the CM itself?
    Thanks.

    Just a thought!
    If you change the security settings on the default itunes folder so that you other user can access the folder then you could change the itunes preferences for that other user to use you newly shared folder. then you'd have both itunes apps using the same file set and library. all you'd have to do then was create a playlist for you and for her.
    I've never tried it myself, i just let my wife use itunes on my account.
    john

  • SCE 2000 3.6.5 SCA BB Reporter Protocol Facetime

    Hello Everybody,
    I have a Cisco SCE 2000 x4GBE running the Ver 3.6.5, the SCA BB Reporter is 3.6.5 too,
    i need to run a report for the Facetime Protocol, and doesn't exist that report.
    Recently I upgraded the Protocol Pack to # 27.
    When i look in the internet, found a document:
    http://www.cisco.com/en/US/docs/cable/serv_exch/serv_control/broadband_app/protocol_ref_guide/04_signatures.html
    That says, the Signature ID for that Protocol is 86507776 and i understand is a temporary number, but where i can find the traffic statistics?
    I need a report showing that traffic,
    how can i find that information?
    Thanks in Advance

    Hi Kreso,
    The PQI file is included in the SCA-BB Agents archive available for download from Cisco.com, under:
    Downloads > Products > Service Exchange > Cisco Service Control > Cisco Service Control Application Suite > Cisco Service Control Application for Broadband
    The filename for version 3.6.5 is "sca-bb-v365-b256-agents.zip".
    Please note that you will have to install the software as per the order above.
    In your case, as you now have to install the application (step 2), you will have to re-do steps 3 and 4.
    Hope this helps.
    Cheers,
    Martin

  • Web redirection doesn't work on WLC5508

    Hello, Please I have configured WLC 5508 for supporting guest vlan mapped to in virtuel interface and associated to guest ssid wlan.
    on guest ssid i have activate L3 security with web policy. both authentication and passtrought does'nt refirect web authentication page.
    I can get DHCP param trought dhcp pool for the correct guest vlan.
    addition information : i see that the control send a wrong redirect ip adresse.
    WLC management interface is 10.7.1.10 and i seen 10.7.4.10. i remeber that this last ip was destinated as dns server ip add but i dont see where i can change it?
    the dns ip adress configured on the pool is 10.7.1.10.
    please any idea for this issue?

    Hello,
    I have doing one modification.  I have configured the ip addresse onf dns name us ip add of virtuel interface.
    and after i can request webauth when access with GUEST SSID.
    Note: I have configured the wifi_guest dynamique interface as normal interface witout specify that is for guest user? it's normal? see configuration below.
    config advanced 802.11b channel add 1
    config advanced 802.11b channel add 6
    config advanced 802.11b channel add 11
    config advanced 802.11a channel add 36
    config advanced 802.11a channel add 40
    config advanced 802.11a channel add 44
    config advanced 802.11a channel add 48
    config advanced 802.11a channel add 52
    config advanced 802.11a channel add 56
    config advanced 802.11a channel add 60
    config advanced 802.11a channel add 64
    config certificate generate webauth
    config interface address management 10.7.1.10 255.255.255.0 10.7.1.3
    config interface port management 1
    config interface vlan management 22
    config interface dhcp management primary 10.7.1.3
    config interface address service-port 10.7.0.1 255.255.255.0
    config interface dhcp service-port disable
    config interface address virtual 1.1.1.1
    config interface hostname virtual 1.1.1.1
    config interface address dynamic-interface wifi_data 10.7.3.1 255.255.255.0 10.7.3.3
    config interface port wifi_data 1
    config interface create wifi_data 3
    config interface vlan wifi_data 3
    config interface dhcp dynamic-interface wifi_data primary 10.7.3.3
    config interface address dynamic-interface wifi_voice 10.7.6.1 255.255.255.0 10.7.6.3
    config interface port wifi_voice 1
    config interface create wifi_voice 24
    config interface vlan wifi_voice 24
    config interface dhcp dynamic-interface wifi_voice primary 10.7.6.3
    config interface address dynamic-interface wifi_guest 10.7.10.1 255.255.255.0 10.7.10.3
    config interface port wifi_guest 1
    config interface create wifi_guest 10
    config interface vlan wifi_guest 10
    config interface dhcp dynamic-interface wifi_guest primary 10.7.10.3
    config 802.11b 11gsupport enable
    config logging console notifications
    config logging console 5
    config logging traceinfo disable debugging
    config mobility group domain SICPA
    config dhcp proxy disable bootp-broadcast disable
    config custom-web redirecturl www.sicpa.com
    config custom-web weblogo disable
    config custom-web webmessage "Bienvenue sur le portail Wifi de SICPA MAROC, Accés autorisés seulement aux personnes autorisées."
    config 802.11a disable network
    config hreap group SICPA add
    config hreap group SICPA radius ap authority info "Cisco A_ID"
    config hreap group SICPA radius ap authority id 436973636f0000000000000000000000
    config hreap group SICPA radius ap server-key encrypt 1 5f56d8b50959491103ea7315322e20bd 100acf2cefe3802796401ae06e1e523a259b8543 036a5066218ab032894b51738f93591e8fd97a3302f02740838f75184d327f
    config database size 2048
    config network rf-network-name default
    config network master-base enable
    config country FR
    config mgmtuser add encrypt admin 1 1f5eb5b7c333109cfecdb1c217e4ed2a d422424c410e252a47d648b4598105130e00d26d 16 07b3ca92b2e8e8b44b22d7adb42341f40000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write
    config acl create Guest
    config acl rule add Guest 65
    config wlan session-timeout 1 1800
    config wlan security wpa wpa1 ciphers aes enable 1
    config wlan security wpa wpa1 enable 1
    config wlan security wpa akm psk set-key hex encrypt 1 e935b271a9ff70fa79614dbb28bcf3bc 2b22b029985ff097772ba19b7149376ca01d276c 48 dba3595a974981bb7a8eb37b200005244fd7182b6859c9bc84f1b5d3c331f7122cb9a51478172c1217636e386617c7fe000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 1
    config wlan security wpa akm psk enable 1
    config wlan security wpa akm 802.1x disable 1
    config wlan security wpa enable 1
    config wlan session-timeout 2 1800
    config wlan security wpa wpa1 ciphers aes enable 2
    config wlan security wpa wpa1 enable 2
    config wlan security wpa akm psk set-key hex encrypt 1 26a45869463e35b2d3b4fdde12ad314a 397f531ce6272483f4cf982355cc1b210dce9b51 48 1b9a6b62c870db4d23e7929f6053d205a2743719e692e55a25ac0653f120bb9a9549b24a68225076164faa1b434604f3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 2
    config wlan security wpa akm psk enable 2
    config wlan security wpa akm 802.1x disable 2
    config wlan security wpa enable 2
    config wlan session-timeout 3 1800
    config wlan security wpa wpa2 disable 3
    config wlan security wpa akm 802.1x disable 3
    config wlan security wpa disable 3
    config wlan security web-auth enable 3
    config wlan apgroup add GRP_SICPA
    config wlan apgroup interface-mapping add GRP_SICPA 1 wifi_data
    config wlan apgroup interface-mapping add GRP_SICPA 2 wifi_voice
    config wlan apgroup interface-mapping add GRP_SICPA 3 management
    config wlan exclusionlist 1 60
    config wlan exclusionlist 2 60
    config wlan exclusionlist 3 60
    config wlan wmm allow 1
    config wlan radius_server acct disable 1
    config wlan radius_server auth disable 1
    config wlan interface 1 wifi_data
    config wlan create 1 WPF_SICPA SICPA
    config wlan broadcast-ssid disable 1
    config wlan channel-scan defer-priority 5 enable 1
    config wlan channel-scan defer-priority 6 enable 1
    config wlan mfp client enable 1
    config wlan enable 1
    config wlan wmm allow 2
    config wlan radius_server acct disable 2
    config wlan radius_server auth disable 2
    config wlan interface 2 wifi_voice
    config wlan create 2 Voice Voice
    config wlan qos 2 platinum
    config wlan broadcast-ssid disable 2
    config wlan channel-scan defer-priority 5 enable 2
    config wlan channel-scan defer-priority 6 enable 2
    config wlan mfp client enable 2
    config wlan dhcp_server 2 10.7.6.3 required
    config wlan enable 2
    config wlan wmm allow 3
    config wlan radius_server acct disable 3
    config wlan radius_server auth disable 3
    config wlan interface 3 wifi_guest
    config wlan create 3 "Sicpa Guest" SICGUEST
    config wlan broadcast-ssid disable 3
    config wlan channel-scan defer-priority 5 enable 3
    config wlan channel-scan defer-priority 6 enable 3
    config wlan mfp client enable 3
    config wlan enable 3
    config band-select probe-response enable
    config sysname SICPAWLC01
    config netuser add encrypt username guest password 1 ce43d82be4df6ee1abc1184f9f6ceffc 75f488240bd3ac7a423657a1d495a35a3b7088f9 16 a8b9fb1eaa64e838b2afd02c71544c420000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 wlan 3 usertype guest lifetime 86400 description
    config netuser add encrypt username adil password 1 6c5fe3e5ca24345a868c88dfcb761540 969e73d1739bbe4afea7348f8e3509d23fd1dd97 16 bf3028a95cda7e3299dcc8b4288611440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 wlan 3 usertype permanent description
    transfer download serverip 10.7.12.41
    transfer download filename ciscowlc.cfg
    transfer download datatype config
    transfer upload serverip 10.7.12.41
    transfer upload filename ciscowlc.cfg
    transfer upload datatype config

  • Guest web redirect with redundant ISE

      Dears,
    I have redundant ISE configured (primary and secondary) and integrated cisco WLC 5508.
    I already configured SSID for Guest Web authentication.
    With primary ISE the redirect link is working fine but when I power off the primary ISE the redirect link stop working even if I changed the Role of the secondary to primary.
    Please I need your support,
    Regards,                

    Thank you for your reply,
    - Yes on the same nodegroup.
    - Yes resolved correctly in the DNS.
    - I will recheck it but I already create an ACL for redirect.
    - Yes the both ISE defined on the Radius Auth. on the WLC.
    Now I will check the ACL and back to you.
    Regards,

  • Web redirect not working on MAC OS X WLC 5508

    Hi,
    I have a problem with Mac OS X-users. When connecting to the guest-network, the Mac does not get redirected to the login-web.
    I have tried to manually type in the url and IP-adress to the login-page, but cannot reach it. It works with all other devices.
    Code: 7.6.130.0 Hardware: Cisco 5508
    Grateful for any input on the matter.
    Regards
    Fabian

    Is there any guest anchoring in this scenario? 
    Have you verified that your client is receiving DNS and can do nslookups?
    Is this with all MAC users or only a select subset e.g. Yosemite only machines?
    What is the virtual IP you are using?

  • Web Redirect

    Hi All,
    We created a WLAN on WLC and used web authentication for their authentication.Whenever a wireless user tried to connect to this WLAN and tried to access any web page,it would be redirected to the web login page defined on the web authentication page in WLC.
    We are trying to find a way,where we would be able to redirect to a page where it provides some security policy and if the user accepts the same by clicking on "I agree" button,then they should be seeing the user login page.
    How to acheive the above.
    Any help would be appreciated.
    Thanks
    Regards
    Anantha Subramanian Natarajan

    Hi,
    I had the exact same requirement, you need to implement a simple 'hack' to do it. I cant recall the exact command list but here goes...
    1) Create a jpeg image with your terms and conditions in a 'customwebauth' bundle (tar file) with a login.html page. If there is no login.html then I believe it fails.
    2)Upload the customwebauth bundle to the WLC as per the standard procedure.
    3)Select to use the default login page with the text box and accept buttons. In the title field, embed the image that you uploaded as part of the customwebauth bundle, e.g. conditions.jpg and use your virtual ip address, e.g 1.1.1.1
    https://1.1.1.1/fs/customwebauth/conditions.jpg>
    Important!! - You must use pure html codes for the tags as when the WLC boots up, it recognizes that you are trying to embed html code in it and will revert the configuration back to nothing.
    I cant give you a sample of the codes I use here as it will not display correctly.
    So in essence, you are embedding your T's and C's as in image of the subject line.
    It may take a few times to get the html codes right but always reboot and watch the command line as it will tell you if html has been detected.
    Good Luck

  • Web redirecting issue when users reconnect guest ssid

    We are facing new issue on our controller for Guest SSID. This SSID used for Guest users and it is web base redirected to Aruba CPPM. First time web page redirects to controller virtual IP address and then Aruba CCPM.
    The scenario is as below
    - The user fills the form and gets redirected to a page where there is a login button which is grayed out till the sponsor approves the mail.
    -Once the sponsorer approves the mail, the login is highlighted and user connects to internet. 
    -Issue occurs when the user disconnects and connects to the SSID and tries to login again. There the user is redirected to controller management IP not on virtual IP.
    Controller Make Model:-5508
    IOS Version:- 7.5.102.0

    Well... you should upgrade to v7.6.110.0 as that code is deferred.  I don't know how you have your WLAN setup, is it use open and your using a pre-auth ACL?  Have you also posted in the AirHeads forum for suggestion?
    Post your show wlan <wlan ID>

  • Error when querying SSAS 2000 OLAP cube with WebI (BOXIR2)

    Hi,
    I'd like to access a OLAP cube on Microsoft Analysis Server 2000 through Web Intelligence. The BO server is running BO XIR2 FP 5.7 on Windows Server 2003.
    I've installed the pivot table services on the BO server and am able to connect to the SSAS. I then created a connection, and on top of that connection an universe. The universe categories and objects where retrieved from the cube.
    When I now try to query the new universe, I get the following error message:
    BusinessObjects115.OLAPI.Cube.1] : Failed to set properties (Database 'ITZD_2010' does not exist.).
    ITZD_2010 is the name of the "folder" from which I selected the cube when creating the connection. The cube itself is called NFOTD and this name is also displayed as (not editable) database name in the connection details.
    Any help is greatly appreciated!
    Jochen

    In CCM i find 4 services:
    Apache
    Server Intelligence Agent
    WinHTTP
    World Wide Web Pubblish Service
    Is Server Intelligence Agent the service to change?
    i can't find WebI service....

  • EE 4G server web redirects on ios8.4 iPad Air iphone5s With JavaScript enable.

    Ive been having problems when JavaScript is enabled and connected to the web with 4g, the EE's server is redirecting me to other web addresses when I want to look at an image hosted at postimage.org. I thought this was an apple JavaScript problem, but it only happens when connected via 4G and not through wifi, so I don't think its the apple JavaScript that's the main problem but the way EEs 4g web server handles JavaScript requests. This problem is starting to bug me having to switch JavaScript on and off, plus I don't know what other things maybe happening in the background like compromising data security or collecting my passwords.  Having paid for lots of data allowance with 4G may not now be worth it. 

    I can only think that someone who works for either apple EE or postimage has looked into it and sorted it out at there end. So whoever it was thanks. Just goes to show posting stuff up sometimes gets results even with no replays.  

  • IPhone WAP web redirection ... how to stop?

    Hi,
    When I browse to various web sites, the sites in question insist on re-directing me to the WAP version of the sites.
    Does anyone know how I can ensure I don't get redirected and I go to the full version of the site.
    Hotmail is a good example of this.
    Cheers
    Rich Carless

    as said before, its not the iPhone doing this, its the website you are going to thats causing this.
    if you can find out what the actual address of the desktop version is and then type that in, it will work.
    for example, MySpace has two different addresses...one for the mobile version and one for the desktop version...neither are actually just www.myspace.com, but if you type in www.myspace.com it will redirect you to either one, depending on the device you are using to get there...so technically the iPhone is still considered a cellphone, so you will get directed to the mobile version, unless you knew the actual address for the desktop version and typed that in instead.

Maybe you are looking for

  • PD4ML generating a PDF file with weird characters

    I am running SSM SP07 NW 7.1 with Oracle in HP-UX. If we create a PDF via "Print" or "Mail" the created PDF generates a weird character  where ever a blanck space should be. I read that it could be a problem of the string "&nbsp" being read from ISO

  • How to define Excise tab..?

    hi all Can anybody explain me , while receiving the goods if i click on excise item In that its showing some details like below 1.Capture excise invoice 2.Capture & post excise invoice 3.No excise duty 4.Only part 1 entry...etc The above mentioned de

  • Oracle 10g in Solaris Problem

    Hi Guys , i was wondering how to start oracle database in correct way in Solaris Because i had a problem with it.. i start the Oracle 10 in Solaris , the database is up. then after few hours, it shut down / the database is down for no reason then i h

  • VIewing blog in IE 7

    I have created a blog in IWeb- and it looks great on all my macs, however when I try and view it on a PC none of the links work. I have looked on the internet and it seems that this is a known issue- but it seems that creating web sites for just macs

  • Re-installing an application

    I am purchasing a new MacBook Pro. I want to move a few Applications such as Quickens Essentials to a new MacBook Pro. I know a copy of apps that I have purchased should be kept in my Apps Store account, but when I search for Quickens I find that the