Web Authentication Page Refreshing
Hi,
I'm configuring a vWLC for web authentication but when client is redirected, the page hung refreshing.
Which IP is used to access the webauth page?
Thanks
I create a DNS entry for webauth.lojaspompeia.com.br resolving for 1.1.1.1. But not success.
I dont believe that I can access 1.1.1.1 without configure a Default Gateway.
The virtual interface IP address is used only in communications between the controller and wireless clients. It never appears as the source or destination address of a packet that goes out a distribution system port and onto the switched network. For the system to operate correctly, the virtual interface IP address must be set (it cannot be 0.0.0.0), and no other device on the network can have the same address as the virtual interface. Therefore, the virtual interface must be configured with an unassigned and unused gateway IP address. The virtual interface IP address is not pingable and should not exist in any routing table in your network. In addition, the virtual interface cannot be mapped to a physical port.
Similar Messages
-
Anchor Guest 3.2.171.6 Web Authentication page issue
Hi folks,
I'm having issues with our Anchor controller here running 3.2.171.6. Using a chain certificate for our Web authentication re-direct Page to a WEB-server. sometimes the Guest Clients are not re-directed to the WEb authentication page. After I reboot the Anchor this resolves the issue. I need to use this code to support the ipsec vpn module. any ideas would be appreciated.you need to try to find a non-chained certificate. I know that most CA do not use these anymore, but need to find one. WLC does not support chained-certificate until 5.2. It may work, but it is not supported.
HTH,
Steve -
WAP321 - Disable web authentication page
I have a new deployment of (9) WAP321 access points. We have everything setup including a guest SSID with authentication. My client doesn't care for the web authentication page that appears after you enter the Guest key. Is there any way to disable the web authentication page?
Thanks in advance for any help!
KevinUnder the local users tab within Captive Portal, there is a setting:
Away Timeout—The period of time a user remains in the CP authenticated client list after the client disassociates from the AP. If the time specified in this field expires before the client attempts to reauthenticate, the client entry is removed from the authenticated client list. The range is from 0 to 1440 minutes. The default value is 60. The timeout value configured here has precedence over the value configured for the captive portal instance, unless the user value is set to 0. When set to 0, the timeout value configured for the CP instance is used.
Hope that helps. I would maybe use 1440 minutes (24 hours) for staff and put guest users on say half that. Just a thought.
Eric Moyers
*Please rate the Post so other will know when an answer has been found. -
Multiple SSID with different Login Web authority pages
Our current setup is one Anchor control and then several WLC’s, I want to know if I can have multiple SSID and use different Web Auth pages form them, so I can have a SSID that requires a password to Authentication access and another SSID that requires pass through Authentication but they would have different web authentication pages and go to different pages once Authenticated.
Is this possible to ?Hi,
If you are running WLC software 4.2 and above then u can do this on per WLAN basis.. here is the link which tells on how to do it..
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008067489f.shtml#A1
Lemme know if this answered ur question and please dont forget to rate the usefull posts!!
Regards
Surendra -
Issue with Windows mobile accessing to Controller web authenticate page
I have an issue with my customer that use Windows mobile that can't access the web authentication page in the WLC using IE. The error message that it display is "The page can not be found. Website can not be authenticated". When the browser is trying to load the "https://1.1.1.1/login.html". It is workable with opera browser on the same mobile phone. I have try to regenerated the certificate in the WLC but it does not help.
WLC model is 4404, firmware version :4.2. Any one have a solution to this?In version 4.2 on the controller SSLv2 is disabled by default. IE by default doesn't do SSLv3. Either enable SSLv2 on the controller or SSLv3 on the client.
-
Aironet 1140 FLEXCONNECT External Web Authentication and Apple Devices
Hi!
I'm having an issue with this Access Point.
I've configured this access point with WLC in mode FlexConnect with web authentication.
It's all right, i'm connecting with my PC in wireless, i open my web browser in windows, then the Access Point redirect me to External Web Authentication Page,
i put my credentials, and i'm redirected to my access point ( https:/1.1.1.1/login.html i accept the certificate) and then the Access Point redirect me to Internet.
I do this with my android phone, it's all right again.
I try to connect with iphone or ipad , i'm redirected to External Web Authentication Page, i put my credentials, and i'm redirected to https://1.1.1.1/login.html where the web browser don't ask me anything and i'm not redirected to Internet.
Have you any idea?Thx you Scott, i understand what are you talking about, but my problem is different.
I try to explain..
I see the wireless network, i associate the iphone to this network, so i'm redirected to Login page,
as i use the "Apple Login" or i Open a Web Page .
In this page , that i reach with all devices i put my credentials, then i will be redirected with all devices
back to Access Point (https://1.1.1.1/login.html).
In this page i should be redirected to internet after Radius Authentication, but with Apple Devices this doesn't work.
This is thw WEB AUTHENTICATION from Cisco Documents.
The user associates to the web authentication SSID.
The user opens their browser.
The WLC redirects to the guest portal (such as ISE or NGS) as soon as a URL is entered.
The user authenticates on the portal.
The guest portal redirects back to the WLC with the credentials entered.
The WLC authenticates the guest user via RADIUS.
The WLC redirects back to the original URL. -
Redirect to web authentication not working on Cisco 5508 Wireless Controller
Hi,
I have a wlan with web authentication:
http://i55.tinypic.com/w145zk.png
and
http://i51.tinypic.com/344sfm0.png
When I connect to the SSID (I get correct IP from the Cisco 5508 Controller) and try to surf, I do not get redirected to the web authentication page (https://1.1.1.1/login.html), when I manually insert the URL I get "cannot display the webpage". Any idea?
The virtual interface is 1.1.1.1.
Here is a screenshot of interface and internal dhcp:
http://i52.tinypic.com/2vkm1d2.png
Any idea why clients are not redirecting?
Thanks!Thanks for the reply dmantil!
When I changed the Virtual DNS name to 1.1.1.1 (the same as the IP) I get redirected if I use http://198.133.219.25, but not with http://cisco.com, I get redirected only if I use IP.
I forgot to mention that the controller is in a lab with no access to DNS server. Does the controller check if the domain is valid before redirecting users? I cant find any documentation on how the controller redirect users. -
Local Web Authentication Started after Central Web Authentication
Hi everyone,
We have a DMZ based anchor WLC for a guest WLAN. I have this WLAN configured for central web authentication using ISE 1.2, this works correctly and can login using the guest portal.
However, after logging when browsing to a website everything is redirected to the local web authentication page and the policy manager state for the client goes in to a WEBAUTH_REQD state. I currently don't have any layer 3 security configured for this WLAN, so from my understanding it should just be using the central authentication provided by ISE.
Thanks for your help.
MarkHi Mark,
Thanks - that looks very similar to ours, though I'm doing the 3850 via the CLI as the web UI keeps dying when I click into things.
I've realsed that I unticked the Authentication servers box instead of the Accounting as I miss-read the WLC page, however while the LWA no-longer kicks in, I'm unable to pass anything except DNS traffic. The Anchor says that the client is in "Webauth" state so it looks like it's expecting something, but ISE says it's all ok and I can see the 3850 traffic going through the process flow.
If I attach an AP to the WLC directly and have the accounting box ticked, then it all works exactly as I'd expect - this is just, well, odd....
Warmest
Kev -
Internal Web Authentication + Local Net User
Hi all,
I'm trying to setup the WLC with internal web authentication + local net user account. I've setup a WLAN for this local net user configure the user profile map to this WLAN.
When the laptop get associated with the designated WLAN, and user tried to browse to the internet, the internal web authentication page doesn't appear on the browser.
I'm just curious is there any DNS server require in order to direct the user entered URL request to the virtual interface?
regards.Well if you are using webauth for guest users, you really want to have an open ssid and wither have a username and password on the wlc or use a passthrough webauth where the guest users just have to click submit or accept. If you are using this for internal users, then you really shouldn't use webauth since this will not be single sign on. Again, you can if you want your internal users to sign on again. There is wpa/wpa2 PSK and then there is wpa/wpa2 8021.x in which this will require either using local EAP or a Radius Server. Ther radius server will either have the local user accounts or you can point this to AD. Depending on if you use EAP-PEAP (certificate on the radius server only) or EAP-TLS (certificate on both the radius and clinet) you will need a certificate.
For webauth only, you do not need a certificate on the user or radius server, a certificate will be required on the wlc if you don't want users to be promted with a certifcate error message. 5.1 supports unchained certificates, but I always use RapiddSSL for a root ca cert just to make deployment mush simpler for the client. So webauth and EAP will require certifcates with webauth being optional. -
We have url-directed login page for web authentication.
Why does the Cisco page flashed, in a bit of a sec, before it goes ahead to the directed url.
Unfortunately, some customers are not happy with this.
Can that Cisco page be totally eliminated?no... the client doesn't get the full-blown cisco web-auth page. just at the Title bar of the Window, the Cisco Title bar appears very swiftly and directed right away to the supposed external web authentication page.
the code used and tested with were 4.1.171, 4.2.185, 5.2.157. and the behavior is the same for all code. it will flash that Cisco title bar and then directed right away to the external web authentication page.
nope, we're not trying to do something special. just the customer noticed it and somehow is not happy with it.
what could be the best acceptable explanation we can provide our customer for this very small yet customer-annoying instance. is there a Cisco document that we can show the customer regarding this behavior?
Thanks! -
WLAN Controller Displays Interface IP in Web Authentication URL Instead of FQDN
Hi,
Can someone offer any help with the issue below please?
I have a guest wlan configured on a Cisco 2106 WLAN controller. Guest users are redirected to a Web Authenticaion page when they try to access the internet through a web browser, and can only proceed by succesfully authenticating with the controller.
The problem I have is that the guest users are presented with an SSL certficate error before they hit the web authentication page. I have installed an SSL certificate from Verisign on the controller, and have configured an FQDN for the interface that is used for the guest wlan. However, the certificate error still persists because when the user is re-redirected to the web auth page, the URL in the address bar is presented as the IP address of the interface instead of the FQDN, For example, when a user is redirected, the address bar in their web browser displays; https://1.1.1.5/ instead of https://guestwifi.domain.com/ The SSL certificate that is installed on the controller is securing the FQDN of the interface.
I'm not sure if i'm missing something here, but i'm struggling to find how to get the FQDN to display instead of the IP.
Thanks,
PaulI'm not following what you mean when you sayd "FQDN for the interface that is used for the guest wlan"......
I assume you configured the Virtual Interface to have the dns entry as guestwifi.domain.com but clients are still being redirected to the virtual IP itself and not the dns name?
The only reason I can think of for that happening was if the WLC had not been rebooted since applying the DNS name to the Virtual Interface (it takes a reboot to modify client redirect stuff, the same goes for http vs https).
so guestwifi.domain.com should have a DNS entry resolving to 1.1.1.5, that entry should be on your virtual interface, and upon reboot you should always redirect to guestwifi.domain.com unless you manually type https://1.1.1.5 in the browser. -
Guest access web authentication issue
Hello experts-
we have a problem concerning secure guest access. One controller 4402 is installed in DMZ and is working as guest anchor WLC. The guest user terminates as this anchor wlc. From this controller the client will get the ip address but when the user will open the browser and insert the url like www.cisco.com, there is no redirect to the web authentication page. If we try to reach the virtual IP via Web browser the authentication page will not be seen. Proxy setting in browser are deactivated. DNS works, if no authentication is configured Internet access is working well. But if we configure "Pass Thru", the client is in status "Authentication required" again.
Has anybody any ideas?
Thanks a lot, MartinFirst of all, when you configure the wlan to open, do you see that device on the anchor controller or the foreign wlc? You should see the user authenticated on the anchor. If not, then your mobility between the foreign and anchor is not working. Mping and Eping between the foreign and anchor wlc. Verify that the ssid has mobility anchor configured. Also you must make sure that your ssid on the foreign and on the anchor wlc. The webauth page will need to be installed on the anchor wlc along with the 3rd party certificate if you use one.
-
Browser tool-bars slowing down web authentication
Hi
Browser toolbars such as: yahoo! and windows live are causing the web authentication pages
to load really slow. It's causing a lot of headaches for me and I was wondering does anybody know
a way around this?
I have tested a browser without toolbars and the pages pop up immediately but once any of the toolbars
are added OMG! I could have 2 coffee breaks and still have time before the page loads. Any help here
would be greatly appreciated.Hi Sed,
Use this one, in the *sample editor window*, with the correct sample/audio file in it of course:
Then pick *'classic mode' OR free mode* (both do exactly what you describe) and 'complex' algorithm. You can pick any setting in the Tempo or Pitch fields - they are linked. Click '*process an paste*' and you're done.
Regards, Erik
Message was edited by: Eriksimon
Message was edited by: Eriksimon -
Problem loading internal web auth page when heavy load
Hi
I am troubleshooting a wireless-problem related to the internal web authentication page. Simply, when 5-10 computers opens the web browser and got redirected to the 1.1.1.1-page, no problem. But when 20+ computers do this simultanously half of them takes up to a minute to load the web page.
WiSM:s running latest 6.x-code and 1131 LAP:s.
Anyone experienced the same or know what this can be related to?
Br Jimmyhi surendra
pls c below
we are getting below out put .
Connection to host lost.
C:\Documents and Settings\guest>nslookup
Default Server: blr-ge-dc01.XXX.com
Address: 172.50.6.24
> www.cisco.com
Server: blr-ge-dc01.titan.com
Address: 172.50.6.24
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to blr-ge-dc01.XXX.com timed-out
> -
Wlc5760 web authentication custom page
I have installed custom web pages with our company logo on the autentication pages.
everything is fine, users are able to access the pages and autenticate but the logo image is not showing.
instead of the logo *some text missing * is appearing on the webpage.
my logo file is .gif having a size of 211KB.Downloading a Customized Web Authentication Login Page
You can compress the page and image files used for displaying a web authentication login page into a.tar file for download to a controller. These files are known as the webauth bundle. The maximum allowed size of the files in their uncompressed state is 1 MB. When the .tar file is downloaded from a local TFTP server, it enters the controller's file system as an untarred file.
Maybe you are looking for
-
I purchased several older James Bond movies 2 years ago that have all disappeared from my iTunes and are no longer available. Will I be refunded for these items?
-
SQL Query (PL/SQL Function Body returning SQL query) doesn't return any row
I have a region with the following type: SQL Query (PL/SQL Function Body returning SQL query). In a search screen the users can enter different numbers, separated by an ENTER. I want to check these numbers by replacing the ENTER, which is CHR(13) ||
-
My ipod 4g is in recovery mode but itunes wont restore it please help
it is now a block after going in recovery mode as itunes wont recover it as it stopped in the middle of the process saying it cant find a file.
-
Photo transfer from iPad1 to iMac
How to synchronize or transfer photos from my iPad1 to my iMac, which recently received a new hard disk? The photos were only saved on my iPad...
-
I am attempting to edit existing text within some photos. It doesn't seem to want to cooperate. What is the problem?