WLC 2106 CSR Request For Web Authentication

Greetings, I've been following the guide below in order to replace the web auth certificate for guest users on our WLC2106.
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
Does anyone know of a method of using Windows 2003 CA Services to sign the CSR? I have tried, but I can't get a PEM out of it, just X509 and P7B certs. I do realise that guest users not native to our network will still be presented with an invalid certificate option, but I would like to try the configuration before paying to have the certificate properly signed.
Regards

This document assumes that the CA server configuration on the Microsoft Windows 2003 server is in place. This document covers the configuration required on the Wireless LAN controller in order to enable this feature.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a99e23.shtml#Cert-WLC

Similar Messages

  • Guest Parameter for Web Authentication

    Hi Forum,
    Just to find out a little more detail in regards to the guest account created for web authentication using Ambassador account.
    1) If the authenticated guest did not perform a proper logout, what action will the WLC take?
    2) As such, is there any timeout involved?
    Where can I tune the timeout?
    Rdgs,
    Kelvin

    Hi, I just wanted to add what I have found regarding WCS and the guest feature.
    -There are two ways to configure a "local net user". The first is a static guest ID that has the "guest" flag off. This means that the client's session will not timeout. The second is to specify the "guest" user checkbox and give it a timeout value in seconds.
    This should let you control how long a user is logged in.
    From the WLC login, go to SECURITY --> LOCAL NET USERS --> then click on NEW. From there you can specify a user ID and also set that optional guest user box. If you click on the Guest User box then you will see a timeout field.
    With my guest account set to not be a guest user (no timeout value), I have noticed the following.
    1. If a guest gets disconnected, usually they will reassociate and still be able to log in.
    2. If a guest has problems, I usually tell them to disable their wireless card, close all browser windows, and then reassociate to the network.
    The steps above have worked well for my setup...

  • MAC Exception for Web Authentication

    Hello folks. I currently have a guest network set up using guest tunneling and an anchor controller. I have it configured for web authentication. So basically, a client associates to the SSID, obtains a DHCP IP from the guest anchor controller, and then when the browser is launched the client is redirected to 1.1.1.1 and receives the splash page where they are required to click "OK" to proceed and begin surfing the internet.
    I am being told by a vendor that it's possible to use a MAC address exception method so specific clients (based on MAC address) will not have to web authenticate. So basically they bypass the splash screen and can immediately begin surfing the internet.
    From what I can tell it's all or nothing per SSID.
    Has anyone ever heard of this, and if so, do you know how it is accomplished?
    Thanks
    Chuck

    I've seen people ask for something like this for like an XBOX in a dorm (apparently XBOX doesn't have a browser?).....
    Bottom line though is that on the WLC, all wireless clients on a WebAuth/WebPassthrough SSID must pass layer 3 authentication. There is no way around this on this SSID. You'd have to create a different SSID as Scott suggested, which I'd probably suggest doing some kind of PSK on it, so only a few privileged devices can associate.... you could even throw in MAC filtering if you really wanted to complicate it....
    Now, I understand that switches may have such a feature called mac-bypass, but it isn't on the WLC.

  • How sharepoint understand when user requests for web applications by their DNS names

    Hi,
    I configured alternate access mapping in my SharePoint farm for the default and intranet zones.
    The SharePoint farm has two web front-end servers, and they are load balanced by an F5 device.
    On the WFE servers, different web applications are running on different ports,
    so I want to know how load balancing works; load balancing is configured on the F5 device.
    When users request a web application from a browser (e.g. http://cms), where will this request go?
    1) When I ping cms and other web applications, it returns a load balancer server IP for all web applications;
    ping cms: it returns 10.xxx.0.80, and the same IP is returned when I ping other web apps,
    but e.g. the CMS web application runs on 10.xxx.1.26:81 on the SharePoint server.
    2) These SharePoint web applications run on different ports on the SharePoint web servers, so how does SharePoint understand when users request web applications by their DNS names,
    http://cms and http://products etc.?
    adil

    I'm not sure if the F5 can add a port number (I'm not an expert on load balancers).  But in general if you design the SharePoint site to run on port 81 then you need to have port 81 appended to the request or it won't work.  http://cms in your
    example would take you to http://cms:80 not http://cms:81.  But in general DNS will resolve the address back to the F5 load balancer.  The load balancer will look at the header of the HTTP request (which contains the original address you requested)
    and forward the request to the appropriate web front end IP address.  If your web front end is using one IP address for multiple sites then those sites need to be differentiated by using a custom port like 81 (which must be included in the original request)
    or because a host header was bound to the web application when it was created.  If they are running on different port numbers then the request must include the port number by the time it gets to the SharePoint server.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • Port 80 for Web authentication?

    Hi,
    Is it possible to use port 80 for web authentication instead of port 443?

    Sure... on the later code versions you can set the WebAuth to use either http or https by disabling WebAuth SecureWeb (http) or enabling it for https.
    Thanks,
    Scott
    Help out others by using the rating system and marking answered questions as "Answered"

  • WLC5760 - CSR request for 3rd party certificate

    I need to generate a CSR request to obtain a 3rd party certificate for my WLC.
    I am not sure how I can do that. All documents available are for WLC 4400.
    Let me know if the same process will apply to WLC5760 as well.

    Thanks Matteo,
    I managed to get it done, Yes I used OpenSSL to generate CSR.
    Here is what I have learnt about it, including WebAuth cert installation on 5760. This may be useful to someone else.
    http://mrncciew.com/2014/07/30/5760-webauth-certificates/
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • Possible to use http for web authentication?

    Hi All,
    We are using WLC 2500 and AP 1041 with web authentication. Since we do not have a trusted/public certificate and want to get rid of the certificate warning during user login, I would like to ask if it is possible to change the web authentication method from HTTPS to HTTP. Thanks.
    Rgds,
    Jacky

    Hi Jacky,
    Yes u can... But there is a  catch..
    1) If ur running WLC code below 7.2.X then the only option is to disable HTTPS globally (Meaning HTTPS management access disabled only HTTP).
    2) If you are running 7.2.X and above, then you can use HTTP for client webauth and then HTTPS for Management access.
    The command for disabling https for web authentication would be:-
    config network web-auth secureweb disable
    Hope that helps
    Regards
    Najaf
    Please rate when applicable or helpful !!!

  • Customized web page for web authentication.

    Hi,
    Can anyone share a working "customized webpage for web authentication"? Virtual IP address of the WLC is 5.5.5.5.
    Thanks.

    Hi Nagesh,
    Here's a great download which contains sample templates of each possible type of Web Policy on the WLC:
    http://www.cisco.com/cisco/software/cart.html?imageGuId=7A2F6E79BAE4EFF389E1FA95D96936027AD30AE8
    Best,
    Drew

  • JDev sends many net requests for web-jsptaglibrary_1_1.dtd

    When using jDeveloper 9.0.3, I have observed:
    On startup, jDev sends several (50?) requests to java.sun.com for web-jsptaglibrary_1_1.dtd.
    The 'current' project in jDev is a web project containing Struts 1.0.2, and the Struts TLD files are included as files in the project. (These are the only files where I can find a reference to the mentioned .dtd.)
    I can understand that jDev does a http get for this file, since the TLD file reference it as remote, but so many requests? (startup of jDev takes 2-3 minutes...)
    If I remove that project from my workspace, and add it again, this behaviour is not seen before I start to edit a file in the project (makes it current project). Then startup of jDev changes from 15 seconds to 3 minutes.
    Many requests for the DTD are also sent:
    - if I close a TLD file with that .dtd reference in the editor pane,
    - if I remove the project from the workspace.
    Has anyone else seen this behaviour? Any workarounds?
    thanks,
    Trond

    Alan,
    As far as I can see all the classes and jars are in the right place and the .tlds and .xml files all seem to tally
    Check if commons-logging.jar is in your project WEB-INF/lib. If not, copy it from <jdev_home>/jakarta-struts/lib.
    Charles.

  • WLC Virtual Interface config for a public SSL cert for Web Authentication

    I'm trying to get a cert loaded on my 5508 WLC running 7.6.130.0 so that when Web-Auth users try to authenticate they don't get the SSL cert error.
    In the document "Generate CSR for Third-Party Certificates and Download Chained Certificates to the WLC" (Document ID: 109597), it states the following:
    "Note: It is important that you provide the correct Common Name. Ensure that the host name that is used to create the certificate (Common Name) matches the Domain Name System (DNS) host name entry for the virtual interface IP on the WLC and that the name exists in the DNS as well. Also, after you make the change to the VIP interface, you must reboot the system in order for this change to take effect."
    Here are my questions.
    1. I have always had 1.1.1.1 as the address of the Virtual interface, should that change or can I leave it as 1.1.1.1?
    2. In the "DNS Host Name" Field do I simply put the domain or the FQDN?  Example. Company.com or hostname.company.com

    Hi,
    1) You can change that if you want. Normally it is non-Public and non-routable in your network.
    2) Put the host name that you are going to enter in your company DNS server, where that host name is mapped to the virtual IP address.
    Regards
    Dhiresh
    ** Please rate helpful posts**

  • mx:request for Web Services

    Hi, I am trying to invoke a web service which has nested
    objects in the soap body. Could I specify objects in
    <mx:request>? For example:
    <mx:request>
    <DeptId>13</DeptId>
    <Employee>
    <Name> John Doe</Name>
    </Employee>
    </mx:request>
    In general, what is a better way to create custom soap body
    (e.g. with name space, etc.)?
    Thanks,
    EH

    I suggest building the request object in AS:
    var oRequest:Object = new Object();
    oRequest.stringProperty = "mystring";
    oRequest.objectProperty = {prop1:"popvalue1", prop2:2, prop3:somevariable, ...};
    myHttpServiceId.send(oRequest);
    Tracy

  • Installation is requesting for Proxy Authentication. Why?

    We have been trying to install Adobe CC for our teaching pools but every time it is requesting to enter proxy authentication. We are installing it over a wireless network that is free of proxy issues. Why is this happening? I tried looking for some numbers to call for support but there are none. Please help. We cannot proceed with our classes with this problem.

    Creative Cloud chat support (all Creative Cloud customer service issues)
    http://helpx.adobe.com/x-productkb/global/service-ccm.html

  • WAD: Design request for web template with re-occuring table object

    Hi all,
    I'm trying to create a web template design in WAD (WAS 6.20) using javascript that would loop and re-use the same table web item object displaying different sales employee data. The challenge I'm facing is that the number of employees to report on might be different for the reporting period and the report should have a sales employee specific header preceding each table. And also the customer is looking at receiving a canned (precalculated) report generated weekly.
    I'm thinking that I could try looping through the 0salesemply characteristic values as displayed from a dropdown box object and pass the individual value as the table object's filter value and hopefully re-generate and render the same table with different filter values until the end of sales employee list of names is reached. Within that same loop, a second table pointing to a different data provider can also display selective data specific to that sales employee.
    My question is would such a design render the same table item multiple times based on the number of 0salesemply values and on a single web page. Would such a design work or would I need to look at designing a BSP application querying the ODS table directly.
    If anyone has any comments on how else I can achieve this or can provide examples of similar design it would be very much appreciated.
    Thank you all.
    Frank

  • Is there a way to store credentials for Web authentication?

    I use an IPAD in my corporate network and have this nagging problem of "dropped wifi" after some idle minutes. True, this forced drop out could be due to my corporate router security settings (although they swear it is not there) but here is what frustrates me:
    1. That a Samsung tab works on the same floor in the office (on same wifi network) without dropping frequently.
    2. That if the Samsung tab's connection does drop once in a while, it can reconnect quickly. This is because it stores the web site id, user id and password.
    My question is why can't an IPAD store the router website url and user id and password that is needed to re login?
    If anybody else encounters this issue at an airport or in a hotel room, please let us work on the solution together.
    Regards
    Sanjay

    I would check the web skype historic somewhere in the c: the machine eg in the folder " % temp % " for the company to use the skype app just that some older machines are complaining of memory because it is very heavy for them ... one of the fulga options that I found was the web skype but the only problem I found was that there's no way we monitor the message traffic as we made already ...

  • WLC: which software-version support SHA2 certificates for Web Authentification and Web Management ?

    Hello,
    I tried to install new SHA2 3rd-party certificates on our WLCs. There are old WiSM1 boards and 2504 to support our old 1230 Access Points, running 7.0.251.2, which didn't install it, although the config manuals for 7.6 and 8.0 say that SHA2 certificates are supported since 7.0.250.0. When I tried to install the SHA2 certificates I got the message "File transfer failed" and the log says:
    *TransferTask: Dec 12 13:22:14.394: #UPDATE-3-CERT_INST_FAIL: updcode.c:1869 Failed to install Webauth certificate. rc = 1
    *TransferTask: Dec 12 13:22:14.394: #SSHPM-3-KEYED_PEM_DECODE_FAILED: sshpmcert.c:4085 Cannot PEM decode private key
    I tried to install the same certificates on our WiSM2-Boards, running 7.4.121.0 and I failed too. The same certificates could be installed on a 2504 running 8.0.100 without any problems.
    In all 3 cases I tried to install unchained certificates for web management and Level 3 chained certificates  for web authentication. I used the following guides to get the certificates (e.g. taken from the config manual 8.0.100):
    http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/109597-csr-chained-certificates-wlc-00.html
    http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/70584-csr-wlc-00.pdf
    Which software versions support SHA2 certificates and which didn't? Is there a list for it?
    Regards

    Hello,
    I solved the problem. First I used a Debian Linux system with OpenSSL 1.0.1. After I searched the internet using one of the log messages above, I found sites which mentioned using OpenSSL 0.9.x. So I tried a productive, security-fixed Debian Linux system running OpenSSL 0.9.8, and I succeeded. The WLCs accepted the certificate files and used them after a reboot. The web GUI still shows a SHA1 fingerprint, but the certificate signature algorithm is SHA2:
    Signature Algorithm: sha256WithRSAEncryption
    When you check the openssl.org homepage, OpenSSL 0.9.8 is still one of the actual versions of OpenSSL and is still available and fixed. But the OpenSSL roadmap says:
    "We don't want to have to maintain too many branches. This is likely to include a timescale for the EOL of version 0.9.8"
    I don't know the differences between certificates made with openssl 0.9.8 and 1.0.1. Is there anybody who can explain it to me ?
    Regards
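
On the closing question in the thread above: one documented difference is that OpenSSL 1.0.0 and later write unencrypted private keys in PKCS#8 form (`BEGIN PRIVATE KEY`) by default, where 0.9.8 wrote the traditional PKCS#1 form (`BEGIN RSA PRIVATE KEY`). The Python check below is an added example, not code from the posts or from Cisco; it reports which form the key in a certificate-plus-key PEM bundle uses, by label and by DER structure. That this difference is what triggers the `Cannot PEM decode private key` log line is an assumption, the function names are hypothetical, and the sample blocks are constructed stubs rather than real keys.

```python
import base64
import re

# One PEM block: label plus body (headers, if any, and base64 text).
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def key_shape(der):
    """Classify unencrypted private-key DER by structure, ignoring the PEM label."""
    if len(der) < 6 or der[0] != 0x30:
        return "not DER"
    # Skip the outer SEQUENCE header (short or long length form).
    off = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if len(der) <= off + 3 or der[off:off + 3] != b"\x02\x01\x00":
        return "unknown"  # both formats begin with INTEGER version 0
    # PKCS#1 RSAPrivateKey continues with INTEGER (the modulus);
    # PKCS#8 PrivateKeyInfo continues with SEQUENCE (AlgorithmIdentifier).
    return {0x02: "PKCS#1", 0x30: "PKCS#8"}.get(der[off + 3], "unknown")


def audit_bundle(text):
    """Return (PEM label, verdict) for every block in a cert + key bundle."""
    report = []
    for label, body in PEM_RE.findall(text):
        if "PRIVATE KEY" not in label:
            report.append((label, "not a key"))
        elif "ENCRYPTED" in label or "Proc-Type: 4,ENCRYPTED" in body:
            report.append((label, "encrypted"))
        else:
            der = base64.b64decode("".join(body.split()))
            report.append((label, key_shape(der)))
    return report


def pem_wrap(label, der):
    """Wrap DER bytes in PEM armour (used only to build the samples)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"


# Constructed stubs with the right outer structure; these are NOT real keys.
CERT_STUB = bytes.fromhex("3003020101")
PKCS1_STUB = bytes.fromhex("300902010002010f020103")
PKCS8_STUB = bytes.fromhex("300a020100300306012a0400")

LEGACY_BUNDLE = pem_wrap("CERTIFICATE", CERT_STUB) + pem_wrap("RSA PRIVATE KEY", PKCS1_STUB)
PKCS8_BUNDLE = pem_wrap("CERTIFICATE", CERT_STUB) + pem_wrap("PRIVATE KEY", PKCS8_STUB)

if __name__ == "__main__":
    for name, bundle in (("legacy", LEGACY_BUNDLE), ("pkcs8", PKCS8_BUNDLE)):
        print(name, audit_bundle(bundle))
```

A verdict that disagrees with the label (for example a block labelled `RSA PRIVATE KEY` reported as `PKCS#8`) means the file was relabelled by hand rather than converted.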
