Captive portal question on WLC2006

I have 6 1231 access points that I converted to LWAPs and a brilliant new WLC2006. I'm trying to get the internal web login page to work, but it fails when it tries to redirect to the 'virtual' interface on the WLC. I have read the Deployment Guide: Cisco Guest Access using the Cisco Wireless LAN Controller, but I didn't understand what they recommend.

We have a few network ports on our routers statically configured by our central IT to be on a "visitor" VLAN. All share a "visitor" subnet. Previously we just had an open wireless network and let people onto this visitor subnet, but now we would like to use this WLC2006 to serve as a password-protected gateway to the visitor subnet. We have an existing DHCP server and DNS server on the subnet that serve the wireless clients that connect.

I have configured the 'management' and 'ap manager' interfaces on VLAN 0 in this subnet and connected an LWAP to it. It is seen and activated by the controller. Also, I have configured our DHCP server address in the 'management' interface. I then enabled Web policy/authentication for Layer 3 security on the visitor WLAN that I set up. The 'virtual' interface has a (non-routable) IP of 1.1.1.1.

So now when I try to associate, DHCP traffic gets through. I get an address on the subnet. I open a web browser and it gets the first Cisco page, which contains nothing but a META redirect to https://1.1.1.1/login.html?redirect=google.com that never completes. I guess that's because there is no route to 1.1.1.1, since I am giving it a real route on our network of the domain controller.

What should I do? I tried setting the "virtual" interface to a real address on the network, but it doesn't seem to let me assign one that is in the same subnet as the management interface. I don't think I'll be able to talk the central IT people into reconfiguring their routers for me, so I would like to do all the setup on just the WLC and our DHCP/DNS servers if possible.

Thank you

Alan

Okay, I'm too late to edit my last post. It occurred to me that I messed up part of it.

The client sends a DNS query to its DNS server (say 10.10.10.10), and the controller intercepts it. When the controller proxies the connection, it sends the DNS query to the same server (10.10.10.10), but it sources it from the AP-Manager or Manager interface (I forget which). It has been a while, but as I recall one of them had to be allowed to communicate with the DNS server assigned to the client. In my situation, those IP addresses could not get out through the firewall, so when you tried querying an external DNS server to get the splash page, the controller was not allowed access, and clients timed out waiting for an answer.

-Eric


Similar Questions

  • How can I set up an automatic connection with the captive portals on iOS?

    My public library has a system called Wi-Fi Spot, which requires that employers use their library card number and PIN code to connect. They enter this information the first time they connect, and expect that the OS will retain this information for the next time they connect. It doesn't. I understand that this Wi-Fi configuration uses what is called a captive portal as a front end for the connection. My question is, how do I configure the operating system to retain the login information?

    Have you enabled and filled in AutoFill? Settings > Safari > AutoFill

    How about you try Settings > Safari > Passwords and adding an entry for the portal. Assuming of course it has a static URL.

    If you read this manual for iOS Apple's Safari, it seems that Safari will respond to an offer/suggestion by a Web site, but does not have to remember a username or password otherwise. I guess the "when prompted" is a reaction of Safari to a website, not the other way around.

    I also would not assume that their portal invites you to register a user name. As I understand it in web programming, it is not a given.

    FWIW, my library has a similar sign-in setup, but with check boxes to remember my user name and PIN code. It worked for 4 weeks and then reset. When asked, they say it's a safety thing.

  • Need help, troubleshooting a LAN hotel (captive portal)

    This problem is not specific to Firefox, but I'm trying to see how I can use Firefox debugging features to solve a network problem. I am staying in a hotel in China that uses a so-called "captive portal" to authenticate individuals before using the network. (This means that one's first browsing action is redirected to the hotel's web page for entering login information, as is often done in cafes, etc.) Using my own laptop, the redirect works if I use wifi and fails if I use the network cable (Firefox and IE both give the same result). I want my PC to work in both cases (and, in fact, it worked the day before using a network cable at another location of the same hotel chain, which also uses what seems to be the same redirection system). The hotel staff showed me that a PC provided by the hotel will work with the cable. So from their point of view, something is wrong with my PC, and from my point of view, something is wrong with their network. I need to know which it is.

    I enabled HTTP logging in Firefox on my PC. I noticed a cycle of GET requests where a URL has been URL-encoded several times (so ':' becomes '%3A', which becomes '%253A', then '%25253A', etc.). The GET requests get longer before reaching a limit, I guess... the end result being a '400' error ('bad request'). Because their servers are initiating the redirects, I can only assume they have a bug causing this repetitive URL encoding. But, mysteriously, the PC provided by the hotel does not have the problem (and neither does my PC when using wifi). As far as I know, Firefox and IE both fail in the failure case, and both succeed in the success case, so I do not suspect the browser.

    My goal is to fix my system (if that is where the fault lies) or show the hotel staff that the fault is in their network (by demonstrating that the fault can occur even without my PC being involved). Troubleshooting on the PC provided by the hotel is limited by the fact that, once authentication succeeds, I can't induce it to expire, so I can't experiment a lot with the redirection mechanism using this PC. Any ideas?

    Try this: go to your Control Panel, then Network and Sharing Center, then click on Change adapter settings on the left side. Right-click on your Ethernet -> Properties, then select Internet Protocol Version 4 -> Properties and click on Obtain an IP address automatically and Obtain DNS server address automatically.
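The repeated URL encoding described in the question above (':' to '%3A' to '%253A' to '%25253A') can be confirmed from an HTTP log by measuring how many layers of percent-encoding the redirect parameter carries at each hop. This is an added example, not part of the original posts; the host `portal.example`, the parameter name `redirect` and the sample URLs are constructed.

```python
from urllib.parse import urlsplit, unquote


def raw_param(url, name):
    """Return the still-encoded value of query parameter `name`, or None."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    return None


def encoding_depth(value, limit=16):
    """Count the rounds of percent-decoding needed until the value stops changing."""
    depth = 0
    while depth < limit:
        decoded = unquote(value)
        if decoded == value:
            break
        value, depth = decoded, depth + 1
    return depth


def analyse_chain(urls, name):
    """Return (depth per hop, True if the depth grows on every hop).

    A constant depth is normal, even when it is greater than 1 (a URL nested
    inside a URL). A depth that increases hop after hop means some component
    re-encodes the parameter each time it issues the redirect.
    """
    depths = [encoding_depth(raw_param(u, name) or "") for u in urls]
    growing = len(depths) >= 3 and all(b > a for a, b in zip(depths, depths[1:]))
    return depths, growing


# Constructed request URLs, in the order they would appear in the browser's HTTP log.
LOOP_CHAIN = [
    "http://portal.example/login?redirect=http%3A%2F%2Fexample.com%2F",
    "http://portal.example/login?redirect=http%253A%252F%252Fexample.com%252F",
    "http://portal.example/login?redirect=http%25253A%25252F%25252Fexample.com%25252F",
]
HEALTHY_CHAIN = [
    "http://portal.example/login?redirect=http%3A%2F%2Fexample.com%2F",
    "http://portal.example/terms?redirect=http%3A%2F%2Fexample.com%2F",
    "http://portal.example/done?redirect=http%3A%2F%2Fexample.com%2F",
]

if __name__ == "__main__":
    for label, chain in (("loop", LOOP_CHAIN), ("healthy", HEALTHY_CHAIN)):
        depths, growing = analyse_chain(chain, "redirect")
        print(f"{label}: depths={depths} re-encoding loop={growing}")
```

Running the same check on a log captured over wifi and one captured over the cable shows at which hop the depth starts to climb, which is the evidence the hotel staff would need.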

  • LAPN600 captive portal 401 errors

    I have the following configuration:

    • (2) LAPN600 APs with 3 ESSID configured, one of which is a captive portal.
    • ANNUAL has the latest firmware and has been configured with this version of the firmware.
    • The captive portal is on VLAN 100 and firewall rules allow access to ports 80 and 443 on the address of native VLAN 1 for the captive portal landing page.

    I discovered a problem where the user receives a "401 Unauthorized - Access denied" error immediately after connecting, when trying to load the captive portal landing page.  This happens on all types of devices (Windows, Android, iOS).

    I don't think that it's a firewall rule because it is able to load the page with the error 401.  There seems to be an internal bug in the AP, rejecting clients without any apparent reason.  This happens on the two Access Points in the building.  I made a screenshot of the error packets and see that the device performs a normal redirect:

    597 54.008251 10.1.100.146 10.1.0.3 627 GET HTTP /portal/signup.cgi?client_mac=ccfa00e9a571&sessionid=128e2d1284&url=http://connectivitycheck.gstatic.com/generate_204 HTTP/1.1

    and a 401 is returned:

    602 54.021614 10.1.0.3 10.1.100.146 66 HTTP HTTP/1.1 401 Unauthorized (text/html)

    When I roam between access points, I have to authenticate again on the launch page, which is as it should be; however, about 50% of the time when I roam, I get this 401 when trying to load the launch page of the new access point.

    Any help is appreciated.

    Thank you!

    I recommend that the captive portal be on VLAN1; there is a known issue with having it on a default VLAN.

  • Captive portal AP541-N?

    Hello

    I was reading a lot of previous discussions, but I still understand if I can do it!

    I don't know that "HTTP redirect" can be used to send to the external web site, but I can use that authentication?

    If it is not possible, can I use this access point in some controller?

    Thanks in advance.


    Hello

    I also wanted to add that, comparing the WAP121 and the WAP321, only the WAP321 supports the captive portal and not the WAP121, but they still cluster together fine when you run a certain firmware (I do not know if they are shipped with a newer firmware that already has the cluster option or not). Links to the data sheets are below if you would like more information on these products. So if you were wanting to buy an AP for the captive portal, the WAP321 would be the way to go.

    WAP121: http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps12236/ps12250/c78-697404_data_sheet.html

    WAP321: http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps12237/ps12249/c78-697406_data_sheet.html

    Hope that helps out.

    Thank you
    Clayton Sill

  • WAP321 - captive portal in 2 VLAN different

    Hello

    I have a Wap321 installed in my network.  IP: 192.168.0.36 - VLAN 1

    If I'm in the local network, I don't have any problem to use the wireless.

    I just added a guest VLAN for people who need to connect Internet, without access to the network. So I install a second SSID and label with vlan 50. I can access the Internet.  But if I want to active the captive portal, I can't access it because the address is in the VLAN 1 (or 192.168.0.36).

    How can I configure my Wap321 having the captive portal in the VLAN 50, and not in the VLAN 1?

    Thank you

    Alex

    Hi Alexander,

    For interVlan on ISA5510 setting, yes the same security settings is the first step to enable this function runs. This article will help you configure InterVlan routing.

    https://supportforums.Cisco.com/thread/2035882

  • WAP321 captive portal - impossible to set up the guest network connection

    Hello community.

    I use two WAP321 with the latest Firmware (1.0.6.2) in a cluster.

    Both are connected to a switch SG300-10 (FW: 1.4.1.3) in Mode of L3.

    The switch is connected to a router RV130 (FW: 1.0.2.7).

    The router has Inter-VLAN-routing active and static routes for my VLANS configured.

    To one of the Interfaces of the router is a connected DNS/DHCP server that manages the resolution of names and the dynamic distribution of IP4 for my network.

    In my network, I have different VLAN for customers, management, server, test and the WLAN clients.

    So far so good.

    I have install on the WAP321 cluster, an intern (VAP0) and a guest WLAN (VAP1) using the Setup Wizard.

    Delivery of DHCP and DNS lookups are ok for two wireless LANs.

    Settings WAP VLAN and IP4 address are:

    -untagged VLAN: enabled

    -untagged VLAN ID: e.g. 3

    -Management VLAN ID: the same without tag VLAN ID

    -IPv4 parameters are static in the ip range of the VLAN untagged

    -DNS server are set to manual for a server in VLAN 4 and to 8.8.8.8

    My problem is that I can connect to the WLAN comments but I never get the captive portal login screen.

    The First-Instance Association captive portal is set to VAP1.

    The captive portal instance configuration 'Verification' is set to local.

    A group and users are configured.

    The customer obtain an IP address in the host IP address range VLAN and can search names and IPS, e.g. www.cisco.com.

    If I try to open a Web site, and then I get the message that the server did not respond.

    Impatience on your part.

    Best regards

    Rainer.

    That's great. I'm glad to hear that.

    Eric Moyers

  • Captive portal RV120W?

    Hi all

    Not sure if I'm posting this in the right way/area so sorry if I'm wrong.

    Anyone know if there is anyway to run the captive portal on Cisco RV120W?

    I have multi sites and launch it on the RV180W to one and have a site with RV120W and would like to mirror the site of 180.

    Any help would be much appreciated.

    Thank you.

    Captive portal is not supported on RV120W or RV220W.

  • captive portal url that refers to a domain name

    in a pilot project, during the setup of initial installation ISE, I configured a local domain. After installation, I then changed to use a domain name business resolved by the DNS server in the company, but even if the console accepts the new domain and the ISE GUI shows the new correct FQDN, I have problem with captive portal page resolution because the redirect url created automatically by the ISE for the CWA are still called the ISE with the old domain used in the initial configuration thus creating a problem to resolve the url.

    The only reason I can think of is that the cert presented to the client still contains the old FQDN. As we changed the domain name, you must generate a new certificate and install it on the ISE so that the CN matches the new FQDN.

    Jatin kone
    -Do rate helpful posts-

  • Captive portal AnyConnect

    Is there a way to disable this feature?

    I have a client with only a single IP address. Port 443 SSL for a web server, so Anyconnect SSL is now listening on a different port.

    When we changed the port and updated the profile of the customer, the customer think that now he is a captive portal inbetween and requires the user to authenticate first via web. This works very well but is now add this extra step to the process connection.

    I don't understand why Anyconnect (knowledge of the profile that the VPN client is on a different port) is still visibly looking to 443.

    Here, any help would be appreciated.

    You specify the port in the profile but if you change the port you must specify this in the client too.  By default, the AnyConnect client will go to 443: here's an example.

  • Question of partner portal

    Hello

    I have a site under my Creative 5 of cloud with an expired domain name. I would like to delete the site, but cannot connect using the domain name. When I try to open a session on the BC portal, which I understand will allow me to remove the site from there, I always wonder what site I want to manage. If I choose the site in question, I get the error server not found message again. How can I see my partner with the list of sites portal without arises when connecting?

    Thank you

    The field of development - YOURSITENAME.businesscatalyst.com/admin or if you connect to businesscatalyst.com/admin - your login information - go to your site.

  • ISE Hotspot / Captive Portal Web with HTTP (not HTTPS)?

    We configure an ISE PoC for a hotspot (guests redirect to a page on the UPA and must click on 'accept') and I was wondering if HTTPS (and CERT, cert chains and stuff) are really necessary for this.

    Maybe I'm missing something obvious, but since there is no real information (passwords, emails, names) transferred, what is the need for HTTPS? Is it possible to allow the plain old HTTP on the portal?

    At the moment this is not possible. ISE is a safety feature and HTTP support for flow rates of construction is not yet on the road map.

    But it's actually a good point. I see little room for an enhancement request to have the ability to disable HTTPS on flows of HotSpots, if there is no (optional) enabled access code since there is no identifying information to protect it during this step.

  • Question about the portal provider report "downloads".

    Hello, I was wondering if the downloads in the App World vendor portal are only new downloads of the app or whether they include users who have updated from one version to the other.  As far as I can tell, there is no indication in the report of whether it's a new download or an update.

    Thank you

    The download numbers include users who are updating this way.

  • Another portal for mobile

    Hello everyone.
    I use ISE 1.4 patch 3, FlexConnect and CWA for my guests. I also do posture for guests with the web agent (they should have an AV).
    It works for computers and Androids, but not for Apple devices (iPhone, iPad,...).
    Trying to make it work for Apple devices, I created a new redirection rule for mobile phones (Android and iDevices) that redirects these devices to another portal (without posture checking), but it does not work, because when the user attempts to access for the first time, before he opens the captive portal and enters his credentials, ISE doesn't know that the device is an iPhone. So this device still hits the default redirect rule that sends the user to my default CWA, which has a posture check.

    If the user tries to connect once more, it works, because now ISE knows that it is a mobile device.

    I would like to know how to identify the device on the first time that it is connected, and then send it to the correct web portal.
    Is this possible? How could I do?

    Kind regards.

    If you run ISE 1.3 or later (recommended current version 1.4 with the latest patch is) then the default state of posture is consistent, this means that if you have not a client provisioning rule for iOS devices (which you shouldn't because there is no support for these types of devices). Ignoring any loading webagent

    It would be the recommended flow, it might even be a document in the support forums already explaining this

    http://www.Cisco.com/c/en/us/support/docs/security/identity-services-Eng...

  • Strengthening and security for Oracle Content & Portal Server

    Hi all

    I developed an Application Oracle WebCenter Portal Framework, which is a public website from the front. There are no requirements for users to connect to the Web site or to contribute any content. All content are delivered through Intranet Portal.

    Static web application resources such as css, javascript and images are checked in Oracle Content Server with the public group. I set the definition of the region and as a WebLogic group check-in and it is defined as a connection of UCM via the Application Framework of portal in Oracle Enterprise Manager.

    I set up Web URL mapped folders to serve my static content (css, javascript, pictures) through the content server that I can access my pictures by clicking using the http://localhost/CS/folder/pictures/filename.jpg 

    Content and portal servers are behind a reverse proxy (Oracle iPlanet Web server), but I noticed there are several defined servlet in the Web.XML as portlets, servlets admin which I think it should be deleted if not used.

    I also put web.xml as zero, connection authentication mode because I don't expect all users to connect to the public Web site. I also defined safety for all groups to be seen only in the hierarchy of the Page options.

    Is there something else I should take note of the strengthening of the security/point of view?


    Hello

    I don't have your question. Intranet portal and portal public face are the same application or different? What authentication using provider?

    Anyone who is not connected to the WebCenter Portal assumes the role of the Public user. Out-of-the-box, the role of the Public user has minimal privileges, i.e. approval of request for an opinion. Be careful when granting permissions to the Public user role. Avoid to grant administrative permissions as Application managing all, Application-managed Configuration or any permission that can be considered useless.

    If you don't want the unauthenticated users to see content marked "public" WebCenter portal, do not grant the permission View Application to the Public user role. When public access is disabled, the public content is invisible to unauthenticated users. In addition, the homepage for WebCenter Portal is not displayed; public users are directed to a login page. Administrators can customize the default login page, if necessary.

    Please check below the administration guide on the permissions of the application

    http://docs.Oracle.com/CD/E29542_01/WebCenter.1111/e27738/wcadm_ps_security.htm#CDDHEAAC

    Please specify on servlet. Also the version of the webcenter portal.

    Thank you

    Amey
