WLC 4402 web auth Internal login page

Similar Messages

• Cisco WLC 5508 simultaneous Web Auth Users logins?

  Hi there,
  We have 2 WLC5508 (7.2.111.3) with several SSID's.
  One of them is configured as Passthrough with an external splash server. Works fine.
  Now we want to use the "On MAC Filter failure".
  If the client MAC-adresse is configured under MAC Filtering on the WLC, the authentication is done without WebAuth.
  If MAC-adress is not known, the client will be redirect to the external WebAuth server for authentication.
  To keep the Passthrough functionality for the user, we hardcoded an username&password in the splash-page.
  So, every client WebAuth uses the same username&password for authentication against the WLC.
  User Login Policies is set to unlimited.
  So far so good, it seems to work, but I have read, that Cisco 5500 controllers supports only 150 simultaneous Web Auth Users logins.
  The two WLC's have abount 100-170 clients connected.
  Question:
  - Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?
  - Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
    If yes, some guide information wolud be great.
  - When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
  Thanks for the answers ;-)
  Kind regards,
  Norbert

  Question:
  - Will these be an issue with the 150 simultaneous logins, despited when usin only one user for all Wifi-clients?
  > I believe this means at the same time... I have clients doing the same thing with hundreds or more of guest users
  - Can the user WebAuth be done with a Cisco ISE like Passthrough, no username&password should be entered by the user.
    If yes, some guide information would be great.
  > ISE is really used to login with a username and password and to be able to profile.  You would need to ask that on the Security forum to get their input if this is something then would do or just leave it on the WLC
  - When successfully authenticated, a logout screen shows on the Windows client. Can this be hidden some how?
  > Not really... some machines with popup blocker does block this and you don't see the logout, but you can't remove this.
  Thanks,
  Scott
  *****Help out other by using the rating system and marking answered questions as "Answered"*****

• WLC 5508 Web Auth Splash Page: Is it possible to place a download?

  Hi,
  I know it is possible to create custom web auth splash pages on the WLC 5508. Is it also possible to embedd a small document (less than 1MB) that users can download directly from the controller? I need this for providing the terms of use for the Guest WLAN.
  Thanks
  Michael

  It could be done, but you will want to stay within the limits of the WebAuth bundle size (~ <10MB I believe).  This shouldn't be a problem considering a .doc size, but I have to ask the same question.   Why would you want to do this as opposed to just putting your terms of use inline to the page as just text/html?  Maybe there is a good reason, but I can't really think of any scenario.  Feel free to elaborate.

• WLC 4402 Web Authentication, Mac Filtering and Layer 2 Seciruty

  Hi All,
  I have configured web authentication and Mac filtering on WLC 4402 for my wireless network and its working fine. I wants to configure layer 2 security for the same Wireless network without pre shared key. Could you please advice how to configure layer 2 security with web authentication withour preshare key.
  Is there any security issue with web authentication and Mac FIltering only? My concern in my wireless network shows open.
  Thanks,
  Kashif

  Hi,
  if you have a ACS, then you can do Web auth Splash page!!! Please refer to the below doc!!
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080956185.shtml
  Lemme know if this answered ur question!!
  Regards
  Surendra

• WLC Custom Web Auth Bundle sample .tar file is not on WCS

  The WLC documentation would make it appear (or maybe previously) you should download a sample web auth bundle code from the WCS Templates. I was never able to find a sample .tar file on the WCS 7.0.172.0 templates.
  However I found on Cisco.com under Support > Downloads > Products >Wireless> Wireless LAN Controller Standalone Controllers> Cisco 5500 Series Wireless Controllers > Cisco 5508 Wireless Controller > Wireless Lan Controller Web Authentication Bundle-1.0.2  > webauth_bundle-1.0.2.zip
  It was updated in June 2011, some pretty good sample html code.
  The readme.html in the sample webauth_bundle-1.0.2.zip file has been very helpful , almost as good as the suppport community web page on custom web auth.
  https://supportforums.cisco.com/docs/DOC-13954

  WCS config guide 7.0.172 is correct
  http://www.cisco.com/en/US/docs/wireless/wcs/7.0MR1/configuration/guide/temp.html#wp1129979
  The bundle in WCS is downloaded through :
  configure->controller
  "select a command"-> download customized webauth bundle.
  Just tested it and it was there.
  The one on cisco.com is better though

• WLC 5508 Web Auth and EAP / PEAP

     Morning all, I'm looking for some clarification.
  Current setup:
  I work in a school, a few years age I installed a 4400 WLC and several APs as a proof of concept exercise to see whether wireless technology would be of benefit to teaching and learning. It was deemed to be so.
  This summer I installed 2 x 5508 WLCs and increased AP coverage to 50 - copied over the configs from the old controller - all works fine.
  Currently only the staff can access the WLANs with the exception of a public WLAN in the canteen area.
  Because there are a limited number of devices, WPA2 in conjunction with MAC filtering was used. However the school wants to open the wireless network to all of the students - potentially this means up to 1000 devices that will no doubt change on a regular basis so MAC filtering is out.
  In line with child protection policies I need an 'auditable' trail when students access wireless resources.
  Planned setup:
  I have setup a test WLAN that uses Web Auth - the WLC is configured to pass authentication requests  ( through an ASA ) onto a RADIUS server which is tied into AD. I have a CA setup as well as a NAP server.
  There is no layer 2 security set on the test WLAN and layer 3 is just web authentication. From any mobile device I can authenticate against AD and gain access to the Internet.
  Clarification:
  With no layer 2 security the WLAN is exposed so I need to introduce some form of end to end encryption - so I am looking at deploying EAP / PEAP.
  Would the introduction of EAP / PEAP keep the network as secure as if I was using WPA2 ?
  Many thanks.

  If you are web authentication you cannot use dot1x as L2 security , so EAP is not an option.
  But you can use preshared security , like WPA2 AES with web auth to insure that the traffic is encrypted.
  or you can define a wlan profile with dot1x security on l2 and nothing on l3 , by doing so you would definetely hit the utmost security poossible.
  Check the following link which contain couple of EAP config examples:
  http://www.cisco.com/en/US/partner/tech/tk722/tk809/tech_configuration_examples_list.html
  Please make sure to rate correct answers

• WLC Customized Web Auth

  can i have a customized web auth portal loaded into the WLC? or i need to have an external server and load the customized web auth.                  

  Here is a link
  http://www.cisco.com/cisco/software/release.html?mdfid=282600534&flowid=7012&softwareid=282791507&release=1.0.2&relind=AVAILABLE&rellifecycle=&reltype=latest

• PALM with WLC 4400 (Web Auth Portal)

  We cannot get the Web Portal splash page to display on wireless Palm units....the site simply hangs. Is there any fixes out there for this problem. Thanks for all replies!!

  Has anyone else seen this Palm/WebAuth issue or found a fix? I am seeing this on our Palm devices too. Running 4.x code with internal guest auth, laptops work just fine with the https://1.1.1.1 redirect, but the Palm just hangs. Could it be the certificate is not valid and the Palm has no way to prompt for that message like a laptop. Any ideas?

• WLC 4400 web auth issues

  Hello,
  I am experiencing an issue with my model 4404 Wireless controllers that has plagued me for some time now. I have two controllers with 106 AP's split evenly between the two controllers. One of my SSID's is setup with web authentication.  I have one Radius server (Cisco ACS v 4.1). The problem only exists for the SSID that uses web authentication. Reports begin to come in that students cannot login to the wireless using the student SSID that uses web authentication. The student can get to the web authentication page, but when they put in their username and password both fields go blank. You can do this over and over with no errors, and the logs in the controller show nothing to indicate any issues (you don't even see the attempted login). I obtain one of the student logins for testing and here is what I have found. I attempt to login to the student wireless with this account and recieve the same results as the student. I have an AP in my office that I use for testing so I force it on to the other controller. At that point the account in question works. I can login without any issues. I force the AP back to the initial controller and experience the same issue, I cannot login. No error of bad username and password, just login fields that go blank. More reports come in that students cannot login and I find that all issues are related to this controller. The next morning I reboot the controller and everything works for a week or more and then it all starts over again. The next time it may be the other controller that is experienceing this issue. A reboot of the controller always fixes the issue for the short term. The issue appears to be controller related but I cannot pin it down.  I recently upgraded my controller code from 4.2.61.0 to 6.0.188.0 at Cisco's recommendation. Unfortunately the issue still exists. Scouring the forums produces a few other people encountering the same issue but none seem to have found a fix. Does anyone know if this is a known issue with this model controller?
  Thanks much for any help.

  Thank you for your response Dennis, it is greatly appreciated. I do not find any mount errors in the crash log. However I did finally find something in the message logs that I was unable to find before. I did not copy this message so it is not verbatim. The error message states that the user cannot be logged in possibly due to being logged in somewhere else. At that point I pour over every client on the controller even filtering by mac address. I see no evidence of the client being associated or authenticated. On a side note I can see the client as associated if the wireless card is enabled. Checking the ACS does not show a failed authentication. Again, rebooting the controller seems to clear some sort of radius accounting on the controller that I am unable to clear manually without a reboot. Thanks again for your response.

• HREAP with web-auth (internal)

  I have a lwap at a remote site that is configured as HREAP so that it can continuously provide connectivity when the WLC is un-reachable.  I have two vlans on the lwap.  One is locally authenticated and locally switched for intranet connectivity.  The other is for internet connectivity and I wanted that one to be locally switched, but authenticate at the WLC.  When I configure the WLAN as HREAP - locally switched, it doesn't work.  If I configure the WLAN as non-HREAP it works.  Anyone know what the trick is to get this thing to work?  I want my internet wlan at that site to be locally switched but centraly authenticated.  My WLC only seems to have a selection for HREAP - Local switching, it doesn't have anything you would check to specify central authentication.
  My WLC (2106)  is version 6.0.182.0 and my lwap is an 1142n.
  Thanks!

  In the first document:
  Q. Can I do web authentication with Local switching?
  Yes, you can have an SSID with web−authentication enabled and drop the traffic locally after
  web−authentication. Web−authentication with Local switching works fine.
  1.  WLAN, (wlan you want to local switch), Advanced tab, click the "H-REAP Local Switching" checkbox.
  2.  Wireless, (click the h-reap modify), H-REAP tab, click "Vlan Support", Vlan Mappings button, then map the wlan to vlan you want to drop traffic onto.
  Also, for wan up/local switched wlans authentication still happens on the controller until the h-reap goes into wan down.  WLANs default to central switching, you have to define the ones which need to be locally switched as described above.

• Client Excluded ReasonCode on WLC for Web Auth

  Hi.
  I wonder if you can point me at a table that defines the Reason Code(s) for Client Exclusion Failure? See the example event log entry below from a Guest Controller for Web Authentication failure (that was resolved - Internet router down) but I was wondering if the Reason Codes would be useful in troubleshooting. Many thanks in advance.
  Tue Aug 28 10:45:31 2007 Client Excluded: MACAddress:00:16:6f:b3:20:0a Base Radio MAC :00:00:00:00:00:00 Slot: 0 Reason:Web Authentication failed 3 times. ReasonCode: 4

  I haven't tried it recently. But I'm afraid of this one :
  CSCsy88149 Chained certificate can not have Wildcard * character in hostname
  Even if bought at verisign or any root CA, your cert has a good chance of being chained since they very often use an intermediate CA. I know wildcard certs are supported but this bug seems to say that it doesn't work for chained.
  again, I didn't verify it mysefl

• WLC 4402 - only present guest with web auth page once every (x) days

  Hi all,
  I am looking to migrate our guest wireless from a third-party system to the WLC.  Currently, we change our guest password (WPA2 PSK) every (x) days.  Each time the guest password is changed and connections are made with the new PSK, guests are redirected to a terms and conditions page which they must accept.  The MAC address is then cached and the page is not displayed again until we clear the MAC cache and change the PSK.
  I can almost replicate this with web auth in passthrough mode on the WLC, but it presents the guest with the terms and conditions page each time they reconnect to the WLAN, whether it be from roaming offsite or turning the wireless radio off then on.
  Is there any way to have the WLC replicate our current system, where a MAC is cached and the page is not displayed until some other event takes place (changing the PSK or clearing the cache?)
  Thanks!
  -P

  Wait ... Shaoqin, will the 7.5 code be released for the 4400 series controllers?  The current release is 7.0.240.0 - I see releases up to 7.4 on the 5500 series controllers
  Thanks
  -P

• WLC 2504 - French characters for guest web login page

  Good day,
  I have recently installed a WLC 2504 and I have the following issue:
  When I modify the text for the web login page (Under security/Web Auth/Web Auth page), if I use french caracters such as (é, è, à, etc...) in the message body, it does not show up correctly on users computers. As we're a bilingual country, I must put a bilingual text message. Are there any settings or workaround out there to rectify this?
  We're on version 7.2.103.0
  Thanks,
  Eric

  Thanks Scott, I'll have a look at the documentation.
  Right after sending this post, I tried typing the actual HTML code for the character instead and it seems to be working. I'm curious about custom webauth page, we may be able to customize it more than we thought we could do.
  Cheers,
  Eric

• Web auth with , intenal web page of WLC and ISE as radius server

  Hi All ,
  We have created a SSID as web auth with internal web page for login . In advanced tab we configured AAA server.  AD is integrated with ISE .
  When the user tries to get connect , he is getting redirect URL . But during the authentication , we are getting error in ISE as
  "ise has problems communicating with active directory  using its machine credentials "  and authentication getting failed .
  When we have L2 security mechanism enabled with PEAP , ISE is able to read the AD and providing authentication .
  Only for L3 web auth it is not happening..
  Any clue on this ..???
  Thanks,
  Regards,
  Vijay.

  Machine credentials requires a lookup on the computer OU and that has to be defined on the client side.
  Thanks,
  Scott
  Help out other by using the rating system and marking answered questions as "Answered"

• Web Auth page not working on WLC

  I have a WLC 4402 and I upgraded the s/w from 4.1 to 4.2.176 since I did the web auth on my Guest wlan does not work. I can connect to the wireless ok and when I type in a web address I should get the web auth page but I just get "This page cannot be displayed". However if i type in the ip address of the WLC in the addrsss bar I get the web auth page and it work fine form then on. The web auth page worked fine on ver 4.1. Any ideas?

  I opened a TAC case this morning on this same problem, and my solution is what is listed above (config network secureweb cipher-option sslv2 enable)
  Basically, SSLv2 is disabled in 4.2. The Default is now SSLv3.
  Depending on your Internet settings, if IE is configured to use SSLv2, the webpage will not work.
  So in internet explorer, tools, internet options, advanced, There will be a checkbox next to Use SSLv2. (Even if Use SSLv3 is enabled, you still have the https issue).
  Basically, my issues was that a select few users could not Web authenticate and a select few admins couldn't HTTPS manage the GUI. Turns out in all cases, the computers that were all able to work, did not have SSLv2 enabled.
  By enabling SSLv2, all affected users now work (I think).