Bundle of Web authentication on a WLAN controller integrated Catalyst 3750
We have set up a wifi zone based on a few 1131AG access points and a few Cisco 3750 integrated WLAN controllers. We are now trying to use web authentication for our comments area. No problem by defining a WLAN of COMMENTS and the associated VLAN. We have also managed to download a custom controller authentication web page.
However, when I try to display the custom page, both controllers of show me the internal default page (preview and during the phase of actual authentication).
Global web authentication settings are the following: Security--> Auth Web--> Web Login Page--> custom (downloaded).
On the controller software version is 4.2.112.0, and the page is an HTML page.
Reveal any help be appreciated.
Kind regards
Sonia
What you need to do is set internally (by default) and hit apply, then play again to custom and click on apply. You can still see the defaul if you use the preview, but if you associate the SSID and open your web browser, you should get the webauth page. I hope this helps.
Tags: Cisco Wireless
Similar Questions
-
Web authentication passthrough with input from the e-mail
Is it possible to use a custom login.html page when web auth/passthrough is used with the input of the email? I have a requirement to have just the users to register with an e-mail address and I need to provide a custom page.
I receive custom login pages, but I can't figure out how to make a customized with only e-mail login.html page entry.
Any help is appreciated.
Thank you
Kurt
You should also check wireless downloads. In the area where you can find the code of the controller to download, you can also find a 'Wireless LAN Controller Web authentication Bundle' containing several samples of html, including e-mail data.
This link might work, maybe not:
-
Hello
I bought a new controller (model 2500) Cisco wlan and a point of access from a provider certified Cisco. Can I register the controller on the
Site Web of Cisco to enable access download software associated with this controller? I want to download the latest version of the software "AIR-CTVM-K9-8-0-100-0.aes".
but I'm not allowed according to my profile.
So, how can I access the latest version of the software for my 2500 WLAN controller?
Concerning
Gideon
Can I register the controller on the Cisco website to enable access to download software related to this controller?
Yes and no.
The quick answer is no. your authorized reseller of Cisco should be able to "join" the serial number of your WLC in your Service Agreement and your Service agreement is attached to your CCO login.
If you go direct to Cisco, it will take time to get to the bottom of the details, you need to provide a lot of information so it's best to get your Cisco reseller to contact them.
-
WLC (foreign-anchor), problem with external web authentication->; ISE
Hello guys
I am designing a platform for a network of comments, which must be isolated from the LAN, the following facilities:
- ISE 1.2 (SNS-3415-K9 Cisco)
- WLC 7.0.230.0 (Cisco 5508 controller)---> foreign wlc
- WLC 7.0.230.0 (Cisco 5508 controller)---> wlc anchor.
The PAES tunnel between wlc is successfully completed.
The wireless client gets the IP address of the anchor wlc (DHCP server).
Test 1:
I have set up the ANCHOR WLC with local web authentication (internal), the wireless client is authenticated by WLC and successfully navigate.
Test 2:
Configure the authentication web external anchor (ISE) WLC. Configure a user to the portal comments ISE.
The wireless client gets the IP address of the anchor wlc (DHCP server), attempting to engage not display comments portal.
Debugging a wireless client, try to connect to the guest network is attached.
That's right... they have a version of code required minimum supported for this.
Thank you
Scott
Help others using the system of rating and marking answers questions like "answered."
-
Assignment of VLAN dynamic of the Web authentication
In a firmware WLC 4402 v.5.2.157 is possible to assign users to one VLAN dynamic based on the RADIUS response received from ACS?
Yes and no. You can do for a WLAN 802.1 x internal, that the customer does not get an IP address, until they have completed the authentication process. To do this, you use 64/65/81, 64 802, 65 VLAN and to 81 use the name of the interface, not the number VLAN. you will also need to make sure you have AAA Overrided activated under the WLAN.
If, as is said for Web authentication, the answer is no. The client has an IP address before being validated by the AAA server.
HTH,
Steve
-
Independent WAP Web authentication?
Is it possible to do the redirection of web authentication using 1131 s independent or that the function is available with WLAN controllers?
Hello
Authentication on the Web is only a solution for a unified environment (WLC). Autonomous aPs cannot perform this function.
-Patrick Croak
TAC wireless
-
Activation of RADIUS Auth/Acct on WLAN controller 4402
Hi all
Just need to activate authentication RADIUS and accounting on Cisco 4402 WLAN controller, so this controller WLAN what admins can be authenticated through a RADIUS server.
I want to assure you that I could connect via the console or the local user account, if the RADIUS auth/acct on WLAN controller does not work for some reason any. I don't want me locked out if RADIUS auth/acct does not work.
I have set up RDIUS for switches cisco 3750 and works very well.
any suggestions please.
Thank you very much.
Keita.
You must set the order
Security > priority > user management
Network user is for wireless authentication.
~ BR
Jatin kone* Does the rate of useful messages *.
-
Web authentication Catalyst 2960
Hello
I am trying to configure Web authentication relief on a catalyst 2960 switch. The goal is to authenticate customers via web authentication that are consistent (the part of 802. 1 x works fine) not 802. 1 x and allow them access to the network. The problem is that the web authentication seems to fail.
The equipment about my question: switch catalyst 2960 (version: 122 - 37.SE) and a FreeRadius.
Here's what happens:
The authentication window will appear in my browser and the access request is sent to the RADIUS.
The term RADIUS replies with an Access-Accept. Debugging running on the switch show that all this information is coming properly authentication and switch outputs debug a 'status = PASS' and permission to debug outputs a 'status = PASS_ADD'. Despite this the browser on the client generates a message "authentication failure".
I have read the manual and the Cisco attribute value pairs are mentioned: ' priv-lvl = 15' and «proxyacl...»» ». They are required to make it work? Given that I'm not setting up any authentication switch connection via RADIUS.
Any suggestions?
Thanks in advance
Yes, they are mandatory.
If priv-lvl = 15 is not returned to the switch, the user will see? Authentication failed? and the access list will not apply. If the source in the statements of proxyacl field is not? everything? or there are other errors of syntax, the user will see? Successful authentication? but the access list will not apply and the user will be denied access to the network.
Not sure about the configuration of specific FreeRADIUS, but you need to set up the? [026\009\001] Cisco av pair VSA. It should look like:
Priv-lvl = 15
proxyacl #10 = ip permit a whole
Let me know if this lets you squared
-
What is the method to provide redundancy to the WLAN controller
the function?
The unified access point allows a backup controller WLAN? In this case, the configuration of the two controllers is automatically synchronized?
Hi Andres,
The world of WLC is how an AP is covered in case of failure of a WLC. It is not without some "down time" in case of failure, but two controllers are active. You must keep in mind that the AP cannot be certified a WLC both so it of the best you can do when a WLC fails AP then must re - register with the backup, it is not a process completely seamless.
This has some really good info;
WLAN controllers to access tipping points light Configuration example
For more recent versions of release WLC (there are also)
Controller LAN wireless and lightweight external Tipping Points access the sample Configuration of mobility group
http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00809817ca.shtml
See you soon!
Rob
Thank you to support CSC helps Haiti
-
Inconsistent WLAN controller with AP 'AIR-LAP1142N-E-K9.
Hi all
We have awireless LAN Controller "Cisco 4402 with software version 3.2.150.10" we use the Access Point 'AIR-LAP1242AG-E' and his works fine, we bought the new APs with the model "AIR-LAP1142N-E-K9" but its not working with our controller and restart continuously. I connected the console and checked the logs from the console that is given below. Please let me know is this controller WLAN is compatible with the APs new or not, or do I need to upgrade the operating system of the LAN Controller and if I upgrade the operating system of the WLAN controller it will support the old APs or not.
Thank you in advance for your response and support.
32K bytes memory simulated by flash not volatile configuration.
Basic Ethernet MAC address: C4:7 D: 4F:3 A: 9E:D0
Part number: 73-11451-08
Kit numbered PCA: 800-30554-06
Revision number of PCA: A0
Serial number of PCB: FOC14080B1U
Top Assembly part number: 800-31273-04
Top of page the Assembly serial number: FCZ1414W1X5
Top of page revision number: A0
Product/model number: AIR-LAP1142N-E-K9
% Please first set a domain name.Press RETURN to get started!
* 00:00:06.561 Mar 1: * CRASH_LOG = YES
MAC Ethernet address of base: C4:7 D: 4F:3 A: 9E:D0* 00:00:06.749 Mar 1: % LWAPP-3-CLIENTEVENTLOG: reading and initialized event AP log (contains 82 messages)
* 00:00:08.794 Mar 1: % LINK-3-UPDOWN: Interface GigabitEthernet0, changed State to
* 00:00:08.810 Mar 1: % SYS-5-RESTART: System restarted.
Software Cisco IOS, C1140 Software (C1140-RCVK9W8-M), Version 12.4 JA (21 a), RELEASE SOFTWARE (fc1)
Technical support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Updated Tuesday 8 June 09 16:28 by prod_rel_team
* 00:12:08.010 Mar 1: % CAPWAP-5-CHANGED: CAPWAP changed state of DISCOVERY
* 00:12:08.982 Mar 1: % LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0, changed State to
* 00:12:18.211 Mar 1: % ADDRESS_ASSIGN-6-DHCP: Interface GigabitEthernet0 assigned address DHCP 172.20.20.228, mask 255.255.255.0, hostname APc47d.4f3a.9ed0* 00:12:28.972 Mar 1: % CDP_PD-2-POWER_LOW: all disabled radios - WS-C3560G-48PS NEGOTIATED (0026.98a6.2786)
Translate "CISCO-CAPWAP-CONTROLLER"... the domain server (192.151.106.8) (192.151.106.6)Translate "CISCO-LWAPP-CONTROLLER"... the domain server (192.151.106.8) (192.151.106.6)
* 00:12:37.968 Mar 1: % 3-CAPWAP-ERRORLOG: did not get the server DHCP server log settings.
* 00:12:37.971 Mar 1: % 3-CAPWAP-ERRORLOG: could not resolve CISCO-CAPWAP-CONTROLLER
* 00:12:37.973 Mar 1: % 3-CAPWAP-ERRORLOG: could not resolve CISCO-LWAPP-CONTROLLER
* 00:12:47.974 Mar 1: % 3-CAPWAP-ERRORLOG: go join a lwapp controller
* 00:12:47.974 Mar 1: % LWAPP-3-CLIENTERRORLOG: put AddressCalled of Transport
Writing of the
* 00:12:47.981 Mar 1: % LWAPP-5-CHANGED: CAPWAP changed State to ADHERE
* Jun 29 16:32:00.616: % SYS-4-PUPDATECLOCK: periodic update clock with ROMMON failed because size left in ROMMON (4294967295), large (29), error code (- 1).
* Jun 29 16:32:00.616: % SYS-5-RELOAD: reload LWAPP CUSTOMER the request. Reason for charging: CONTROLLER INCOMPATIBLE VERSION.
* Jun 29 16:32:00.616: % LWAPP-5-CHANGED: CAPWAP changed state at the bottom of the event log in NVRAM...using the values from the eeprom
WRDTR, CLKTR: 0 X 86000800 0X40000000
RQDC, RFDC: 0X8000003B 0X0000020Finit done DDR
IOS Bootloader - start System.
XMODEM file system is available.DDR used values of the system serial eeprom.
WRDTR, CLKTR: 0 X 86000800, 0 X 40000000
RQDC, RFDC: 0X8000003B, 0X0000020FPCIE0: the connection is established.
PCIE0: VC0 is active
PCIE1: the connection is established.
PCIE1: VC0 is active
PCIEx: initialization done
flashfs [0]: 5 files, 2 folders
flashfs [0]: 0 orphaned files, orphaned directories 0
flashfs [0]: Total number of bytes: 32385024
flashfs [0]: bytes used: 2271744
flashfs [0]: available bytes: 30113280
flashfs [0]: flashfs fsck took 16 seconds.
The system eeprom read cookie series... Fact
MAC Ethernet address of base: c4:7 d: 4f:3's: 9e:d0
Ethernet speed is 1000 MB - FULL duplex
Loading "flash:/c1140-rcvk9w8-mx/c1140-rcvk9w8-mx"...#######################################################################################################################################################################################################################File "flash: / c1140-rcvk9w8-mx/c1140-rcvk9w8-mx" unzipped and installed, point of entry: 0x4000
execution of...
ENET stoppedIf you have login valid ORC, go to Support > download software > > Cisco Wireless LAN Controller 4402 Wireless > Wireless LAN Controller Software
Release notes for the controllers wireless LAN Cisco and Points of light access for version 7.0.98.0
http://www.Cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html
Upgrading to a new version of the software
http://www.Cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html#wp472449
Remember messages useful rate. Thank you.
-
Ie9 beta does not have the web authentication
Hello
/ * Style definitions * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 cm 5.4pt cm 0 5.4pt ; mso-para-margin : 0 cm ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : SimSun ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : Arial ; mso-bidi-theme-font : minor-bidi ;}
I have a question:
We had a user who defines the Cisco web-authentuicated WiFi SSID as network Public in the firewall of Windows 7 and when he tried to connect to WiFi, it appears a troubleshooting page and said: "Connection to Web pages are currently redirected to a different Web page." It uses IE9 beta. Most likely the browser it's a MiTM attack.
Apart from declaring (SSID) network as a private network secure, y at - there another solution?
Our goal is to get the users (which come from major conferences) on the network without them having to change a lot of things on their laptops. They would be naturally defined as a Public network.
Thank you
Suman
The concept of web authentication IS a man in the Middle somehow attack... And IE9 is not a browser supported either.
I don't know what makes IE cause this error exactly well. You have a DNS host name and the certificate on your webauth?
Nicolas
-
The web authentication.
I want to configure a switch for IEEE 802 authentication port. 1 x with web authentication as a means of rescue.
Can anyone provide an example of a valid configuration?
Only web authentication does not work!
Switch #sh run
Building configuration...
Current configuration: 3012 bytes
!
version 12.2
no service button
horodateurs service debug uptime
Log service timestamps uptime
no password encryption service
!
Switch host name
!
!
AAA new-model
Group AAA authentication login default RADIUS
connection of line-con AAA authentication, no
Group AAA dot1x default authentication RADIUS
Group AAA authorization auth-proxy default RADIUS
!
AAA - the id of the joint session
switch 1 supply ws-c3750 - 48P
mtu 1500 routing system
IP subnet zero
IP - cisco.com domain name
property intellectual admission name rule1 http proxy
!
!
!
!
control-dot1x system-auth
!
!
!
!
!
!
Profile relief aid
IP access-group Policy1 in
rule1 admission IP
!
pvst spanning-tree mode
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
!
!
!
interface FastEthernet1/0/1
switchport access vlan 142
switchport mode access
!
interface FastEthernet1/0/47
switchport access vlan 142
switchport mode access
dot1x EAP authenticator
self control-port dot1x
relief aid dot1x
!
interface Vlan1
no ip address
Shutdown
!
interface Vlan142
IP 10.1.254.1 255.255.255.0
!
IP classless
!
peche1 extended IP access list
allow udp any any eq bootps
deny ip any any newspaper
!
Server RADIUS attribute 8 include-in-access-req
secret key of acct-port 1645 auth-10.1.254.187 - RADIUS server host port 1646
Server RADIUS ports source-1645-1646
RADIUS vsa server send authentication
!
control plan
!
!
Line con 0
line vty 5 15
!
end
Try adding this:
analysis of IP device
In addition, if you want your users to web-auth to use DNS to resolve URLS, you probably want to add something like this to Policy1:
allow udp any any eq field
Don't forget that you need to wait until the 802. 1 X times out (90 seconds by default) for Web-Auth to kick.
Shelly
-
Web authentication WISN and COMMENTS
I have a WISN and we use open web Cisco
authentication with a user's e-mail address.
When executing this CLI command:
> config network secureweb disable
> save config
> the system
This will make the web authentication come HTTP instead of HTTPS?
This command is for managing the unit.
However it used to be a workaround when you disable HTTPS and SSH and you restart the WLC web authentication will be displayed as http and not https.
Let me know if it works for you
-
2112 WLan controller and Point of access LAP1042n issue
Hello
I recently bought a 2112 a Wlan controller a number of LAP1042n Ap of the AP will not join the command and the message I get in the console of the AP, it is that the AIR-WLC2100-K9-6-0-199-4.aes firmware does not support this model? Can someone please verify that this is the case?
Firmware AIR-WLC2100-K9-7-0-98-0.aes to overcome this problem?
Thanks in advance
David
Yes, 7.0 doesn't suppoert he...
CHECK THE RELEASE NOTES for more details...
http://www.Cisco.com/en/us/docs/wireless/controller/release/notes/crn7.0.html
-
Autonomous AP's web authentication
Hi, I would like to know if it is possible to make comments of web authentication to the single autonomous access point?
I've done web authentication for comments on the WLC with lwapp AP successfully.
Please notify
Sent by Cisco Support technique iPhone App
Hello
It is notsupported on autonomous Infrastructure... But I guess that the REDIRECTION IP can do the job, but I have not tried but!
Let me know if this naswered your question and please remember to note the useful messages!
Concerning
Surendra
Maybe you are looking for
-
HP Z600 basic workstation: 3.1 in a workstation Z600 Usb Adapter
I would like to know if the Z600 will support the 3.1 USB card and if so, do I need for installation?
-
How to work offline mode in firefox 8.0?
There used to be an option in the file menu. He's gone
-
Trying to access Internet Explorer, to get the message to choose a program to open it with
I'm having a problem with my office. I've been tyring trying to access internet and a message popped up that said I had to choose a program to open this file, so I clicked on internet explore, and I couldn't always access the internet. I also have a
-
Win 2008 Server iSCSI San installation
Hi, Im trying to install win server 2008 on a discovered iscsi lun. To do that I need to load my kmdf basic bus driver and one pilot iscsi initiator additional in order to discover the LUNs during installation. Win 2008 has 1.7 kmdf library by defaul
-
"Sound does not play well and seems to be cut in videos with windows media player 11
original title: Windows Vista Windows media player 11, I have a problem with the sound. background noises seem ok. the main sounds a mute. You can hear the main people you can hear the background. Please help me solve this problem.