redirect web-auth comments

Hi guys,.

I'm having some problems with getting the web-auth redirection to work properly.

Basically, I set up an SSID with authentication of layer 3 and the customer's IP via DHCP, the DHCP server is configured on a win 2008 Server (192.168.10.18).

After the client connects to the network wirelessly with web authentication, it got a valid IP address, can I open a web browser and access www.google.com, then it does not redirect me to the authentication web page requesting my credentials.

I did an "ipconfig/all" on the client and found that I have the correct gateway and the DNS server IP address is 192.168.10.18, on the DNS server, I also have an entry called 'wlc2112' that is pointing to the IP of an another 2112 WLC with 1.1.1.1. If I type "http:wlc2112" in the browser, then I can get redirected to the correct web auth page with https://wlc2125.wirelessdomain.local/login.html?redirect=wlc2112 in the url and ask for credentials. the wlc2125 is another entry that I configured in the DNS as well, it is also the WLC I configured the SSID for web authentication.

If I type the IP address of the WLC in the url I also redirected to the web page of auth.

It seems to me that if we type something which cannot be resolved by the DNS (192.168.10.18) server, then the redirect page falls down, so I just want to ask if it is a behavior expected or there is something I have to do with the configuration? I think I missed something here, as in the example of config on the Cisco Web site, he used google.com as an example and GraphiqueP correctly.

any comments would be much appreciated, thanks in advance for your time and your help.

Andy,

This is the expected behavior.  If the URL cannot be resolved, the WLC won't start screen.  The DNS query is mandated by the WLC, and if it does not get a valid line, you see what you see.

See you soon,.
Steve

--

If this helps you or answers to your question if it you please mark it as 'responded' or write it down, if other users can easily find it.

Tags: Cisco Wireless

Similar Questions

  • Activate the Session Timeout - comments web-auth

    Hi all

    Just a quick. If this period expires when you use web-auth on a wlan of comments in the following way

    PC - Ap - WLC (campus) - anchor WLC (DMZ) - www

    Fact leap web session and the user will be redirected to the authentication web page?

    Thx a lot indeed.

    Ken

    The Ambassador Hall may specify the time during which the comments user accounts remain active. Once the deadline is passed, the guest user accounts expire automatically.

    For the more detailed description the following guide to manage the accounts of user may help you

    http://www.Cisco.com/en/us/docs/wireless/controller/5.0/Configuration/Guide/c5users.html#wp1048408

  • Urgent - NAC + ACS + Web-Auth in Wired environment - https redirection - certificate problem

    Hello world.

    I'm seting of an environment that uses Web-Auth for my cable and wireless. I followed the exact steps in this page of Cisco to run:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6638/app_note_c27-577490.html

    I'm only testing environment wired right now.

    I plug a PC on a port, and I try to access a Web page of randon (for example, www.cisco.com). It is automatically redirected to the authentication page. I type the user name and password, but when authentication is successful, it goes automatically to the https version of the page, which brings me to the problem. I should add an exception (more on this option on the IE Web page) to this page to continue with the authentication and gain access to the internet. I enclose the steps I must perform:

    I think that it is linked to the certificate, but I'm not sure who or where. I would like to get some advice on your part to avoid this problem. I have no intention to buy all certificates, so if I could jump the https would be great.

    Thanks a lot for your help

    Victor Alves

    If you don't want an official cert, you must go to http only. But this means that people paswords will transit in the clear on the network.

    It's been long that I tried, but not is not remove 'ip http-server secure' do the trick?

  • ISE web auth for other than cisco switch (D-link 3528)

    Is it possible to use ISE (posture inline node) to redirect to portal comments ISE wired users?

    And wired users will get full network access after they pass the web auth.

    Hello

    Theoretically, it could work if the switch is able to send all the attributes in accounting packets, such as IP address and mac address by asking the station id. If the attributes are missing or incorrect, the iPEP ISE will never create the session (see show pep session table).

    That said, who probably never have been tested, so you may want to reconsider your design, there is no guarantee that this can still work.

  • Registration of ISE1.2 MAC after LDAP web-auth

    Faced with a situation where we just do a simple one time registration of the MAC address after a person authenticates successfully web-auth using LDAP.

    It is very similar to guest authentication, but I do not know how to customize the other portal for this group of users, so I do not affect the current Portal of comments.  Is there a better way?

    I am considering the following sequence:

    1. the user trying to connect wireless for the first time and is redirected to a web page to enter the LDAP credentials

    2. the user authenticates successfully credentials and ISE adds MAC address of a group of endpoint of the ENDPOINT "VALID."

    3. the next time that the user tries to access wireless, they are connected flawlessly, but what happens is ISE sees their MAC in the group "Endpoint INVALID" and MAB of them on the network.

    It looks a lot like the configuration of the portal comments, but I don't know how tell you him to register the MAC with a group of endpoint.

    Thanks in advance,

    Mike

    You can save the device via the device with mac address registration portal and it will be added to the endpoint group "registereddevice".

  • Active Directory users are authenticated web-auth (web-auth has only LOCAL users)

    Hello

    I have a model WLC 4404 with software version 4.2.205.0.
    I have 2 SSID: Wireless and invited
    -Wireless: using [WPA + WPA2] [Auth (802. 1 X)]
    -Guests: use Web-Auth

    In the guests of SSID (WLAN-> Edit > AAA security servers I have not all enable server - option there is NOT and not activated-).

    I do not understand that the request for authentication is attempted ONLY locally to the WLC but not in the ACS (ACS has been configured in security-> RADIUS-> authentication).

    When a user authentication Web Page inserts user and password of SSID wireless (users who need to be authenticated in Active Directory via ACS) it is authenticated.

    I need to change this behavior.

    There are a few options depending on what you are using the code.

    6.0 and higher, there is an option in the WLAN directly, select only LOCAL.

    5.2 below, under Radius authentication servers, uncheck the box for the user of the network.  This check box allows the WLC to use the servers in the world, which means that if it is not precisely defined under the WLAN, it can / will still be used

  • WLAN controlled WEB AUTH, what is the session re-checked after initial authentication?

    I intend to use the Web (with external server) on controller Cisco WLAN authentication.

    Unfortunately, I have none not one with which I can experiment and impossible to find the following information in the documentation.

    Once a user authenticates successfully the first time, when authentication is performed again?

    Is - this periodical? Or maybe specified in the message of acceptance of access?

    Thanks for your help.

    I do not think that something is done in the background / transparant when the session timeout occurs.

    If RADIUS sends you a Timeout for the Session of 30 minutes, then 30 minutes the WLC puts the client in a State of Web Auth required yet. In which case, they will have to open the Internet browser and send the credentials again (manual process).

    The session timeout is a hard-stop to force re-authentication...

    The access-request/access-accept (as I know) is only for full authentication.

  • Web Auth customization (data type icon download?)

    I recently installed 7.5 WLC and began a Web Auth customization base.  I did my usual CLI commands to download my image when I discovered a new option, tranfer download data type icon.  I tried to download a small picture to see what it would change, and I don't see anything in particular.  Nobody knows what that change? (No it has not changed Cisco logos anywhere in the graphical interface, at least that I could see)

    (Cisco Controller) > transfer download datatype?

    code download an executable image on the system.
    config download Configuration file.
    eapcacert download a certificate from CA eap on the system.
    eapdevcert download a certificate of dev eap on the system.
    icon download an executable image on the system.
    image upload a logo on the web page on the system.
    ipseccacert download an IPSec certificate for the system.
    ipsecdevcert download a certificate of dev IPSec for the system.
    Login-banner download controller login banner. (Text only file supported: Max 1500 bytes & 18 lines, printable characters not unsupported)
    signature download a signature for the system file.
    webadmincert download a certificate of web directors on the system.
    webauthbundle download a package webauth customized for the system.
    webauthcert download a certificate web portal on the system.

    Hey Robinson,

    Sorry for the delay...

    Download transfer data type icon

    is the new order introduced on the WLC and especially for Mobile Concierge we have... it has more to do with the generic advertising Service 802.11U and please visit-

    http://en.Wikipedia.org/wiki/IEEE_802.11U

    This to load the icon for GAS on the WLC and nothing has to do with the connect/disconnect webauth pages...

    We will ensure this is documented on the cisco properly guides...

    Please let me know if that answers your question

    Concerning

    Surendra

  • How to generate CSR on switches for web auth with NGS

    Hello

    I do solution dot1x with web auth on switches cisco 3750.

    Once the wired customer put in the web authentication status (after dot1x and mab) and goes to a website, he receives a certificate warning. This is because as the switch cisco selfsigned certificate.

    I want to use a verisign certificate to resolve this error, but I can't find a way to generate a CSR on a switch. I only found a guide how to request a certificate from a CA on the local network, but it is also not a solution, because the customers with the help of web authentication, won't the internal certification authority.

    Is it possible to fix this?

    Greetings

    Steven

    Hi Steven,

    The document below is really for IOS SSLVPN, but the part of the certificate must be the same:

    http://www.Cisco.com/en/us/prod/collateral/iosswrel/ps6537/ps6586/ps6657/white_paper_c07-372106_ps6657_Products_White_Paper.html

    Search for the 'Annex B' and it goes into the creation of a trustpoint and then a section for the self-signed and another is to generate a certificate request to send to an external certification authority.

    Once created a trustpoint command to actually generate the CSR is "crypto PKI enroll."

    This document goes into a bit more details on orders of the person and what they do:

    http://www.Cisco.com/en/us/docs/iOS/sec_secure_connectivity/configuration/guide/sec_cert_enroll_pki.html

    Also, you can use something external to the switch as OpenSSL to generate the CSR and private key and then use it to request a certificate from your Verisign CA and then import the cert/key pair in the IOS device.

    Thank you

    Nate

  • 5508 loading cert for web auth

    I have web auth enabled on the WLC so when clients connect, they get a cert error because it uses a self signed cert.  I was reading upward on obtaining a third part cert and he tells have openssl and then generate the cert and send it to a third-party CA etc.

    All the links that you can share would be very useful, explaining best practices and to load a cert of third party on the WLC 5508 for web authentication.

    Why can't just get a cert from them for our domain and simply load on the WLC?

    Hi Mohammed,.

    Here are the two links that are like the bible to generate certificates...

    http://www.Cisco.com/en/us/products/ps6366/products_configuration_example09186a0080a77592.shtml

    http://www.Cisco.com/en/us/Tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

    Depends on whether you use Chained or chained UN CERT... Following the link above will help you to get the problem resolved!

    Let me know if this answers your question!

    Concerning

    Surendra

  • Redirect WLC Web Auth URL point to a strategy ISE only NŒUD?

    Hi all

    I was wondering if the Auth Web configured in the WLC redirect URL can only point to a knot of ISE Persona in politics so the portal (see below) in the ISE is active only when the device of ISE is this active political figure.

    It is called

    Political character of Services

    and the node is called

    Policy Services node (PSN) (if there is no other character set on the node).

    I would say that your assumption is right. The character of the Administration and supervisory personnel are not able to host the portal my devices.

  • redirect Web does not work on WLC5508

    Hello, please I have configured WLC 5508 to support comments VLANs mapped to virtual and associated with guest ssid wlan interface.

    on ssid comments I enable L3 security with web policy. authentication and passtrought does'nt refirect web page for authentication.

    I can get dhcp DHCP param trought pool for the vlan correct comments.

    additional information: I see that the control sending a bad ip address redirection.

    WLC management interface is 10.7.1.10 and I saw 10.7.4.10. I remember that this last ip was intended, such as adding the ip of the dns server, but I don't see where I can change it?

    the IP dns configured on the pool is 10.7.1.10.

    Please any idea for this problem?

    Apart from the question of Surendra, I think your config looks totally bad :-)

    You say just the DNS in IP pool is the WLC management interface. Which makes no sense and will prevent webauth to work normally.

    You also say that you attach your comments interface to the virtual ip address? Why is this?

    I think it would help if you post a 'run-config show' of your WLC so we can check for errors.

    Nicolas

  • Redirects Web pages of spam

    I think that the option to block advertising on iOS should work on all browsers, including browsers in app. Please make sure!

    I say this because on my iPhone and iPad and the new iPad Pro, web pages have been redirected to spam sites. It happened on Safari, Chrome, and browsers in app. Initially, I thought it was my ISP since initially using VPN seemed to work (I think, I wasn't desperate so for more robust testing). Then I thought it was a router problem, because briefly using another router allow me to display the page rather than redirect the it. But then to change routers has no importance. You would think that all routers must have been infected, but I do is not facing any link redirection on the same routers on my work laptop and an another old Windows laptop (my MacBook is currently out of service). Then I activated the ad block in Safari and I have not had a simple redirect since then.

    And this isn't a site or only a few who cause problems.

    I decided to post this today because I clicked on a link in Twitter which opened in application; After the page loaded or loaded almost and I started reading it redirected me spam site. I used my cell Internet and it redirected there too. But when I clicked quickly "open in Safari" extension, there is no redirection in Safari (there adblocking on). I returned to the browser as a Twitter app, and the problem was still there. Backwards, do pages not redirect in Safari but redirect in browsers in app. So the problem is not with my ISP or my router or even one or two sites specific. It is with something else and adblocking is the only thing that seems to work so far.

    does anyone have a better solution than all the real estate of blocking? It starts because I blocked initially free ads a little when this option came and so there is a cookie that tells me what adblocker even when I'm not blocking and use more aggressive techniques? They also record the IPs or other broader identifiers because I never activated ad block on my new iPad Pro but due after that redirects to start?

    Looks like you got an infection malicious cookie on your browser from a Web site that you have visited. This is normally easy to fix.

    For Safari, try to reset the it. Close Safari completely from the window of the selector app by double clicking the Home button and slide up the preview pane of Safari until it disappears from the display. Then go to settings > Safari > clear the history and data from the Web site. Then perform a forced reboot. Hold down the home and Sleep/Wake buttons simultaneously for about 15-20 seconds , until the Apple logo appears.

    For other browsers, you can remove them from phone, do a forced reboot and then reinstall them.

    The above should clear the caches on browsers.

  • Redirect Web Login Page

    Hello

    When I login to windows for 1st the NAC agent installation, I was redirecting to the login WEB page but my windows credentials of the user name and password are not accepted. ???

    Thank you

    It's true.

    After installation of the Agent of the NAC, with you configure ADSSO, the user should be

    Justo to connect to windows and the NAC agent will do SSO by using powers of windows

    used on windows, log in.

    Best regards

  • Redirects Web site and the Windows Security Center Service that cannot be turned on

    I have Windows 7, 64-bit and recently whenever I click on links such as google search I have continues to be redirect to randomly selected sites. Sometimes, I have to click on the link even 10 times just to connect, I wanted to see. In addition, I have a perpetual notification telling me the Windows Security Center Service is disabled and when I try to make it back, I get a message telling me that it cannot be started. Can someone tell me what is the problem and how to fix it?

    Hi Sir sniper,

    which web browser is installed on the computer?

    The question seems to be like a browser hijacking. I suggest you try the steps from the following links:

    What is the browser hijacking?
    http://www.Microsoft.com/security/resources/hijacking-WhatIs.aspx

    Difficulty to your browser hijacked webhttp://www.microsoft.com/security/pc-security/browser-hijacking.aspx

    Note: Microsoft does not recommend that you disable the antivirus protection in most conditions. Disable the antivirus protection that temporarily to restore a computer.

    Come back and let us know the State of the question, I'll be happy to help you. We, at tender Microsoft to excellence.

Maybe you are looking for

  • Failure screen MacBook Air 13

    Hi all Firstly, my apologies because of my English skills. I recently had a problem in my Macbook Air 13 (2014). I was on the internet with Safari and the left side of the screen started to Flash some lights. After a minute or two, 15% of the left si

  • Documents on the hard drive and USB drives are automatically sent to the trash

    Why are some of my documents (files) on my hard drive and external drive is sent to the trash without my consent.  Is there a virus in my Mac the cause? If so, how to solve this problem?  Only selective files are sent to the trash for deletion after

  • Need help to split a string

    Hello IM needing help to cut a string like this... A, B, C, ADV, RAHEEM, MOUSTAFA, Gauthier,... compare letters he's be numbers, but I get by using a string... Need to divide and put each number into a vector, in all positions... Can someone help me?

  • Cannot change SSID on E3000 - option not available

    Hello Bought the E3000 and the ability to change the SSID is not available. Looking at the wireless > BASIC WIRELESS SETTINGS done help button refers to being able to change the SSID here, but this option is not available. Any thoughts? Thanks in adv

  • Drivers Hp 2000-2D50SU

    Hello, I installed 32-bit Hp 2000-2D50SU windous7, but I can't connect to the Internet, what drivers do I need to run the laptop.