WebAuth LOCAL with Wireless Lan Controller and ISE

Greetings,

We intend to set up a centralised webauth with sponsored guest wireless network. I didn't know that this will not work with our current WLC code (6.0.199.4), as 7.2 or a later version is required.

We have a project to upgrade the WLCs, but it won't be ready before the deadline for the completion of the guest wireless.

I am using local WebAuth temporarily until the WLCs are ready. My questions are:

1. Am I correct that I can still authenticate against ISE?

2. Since local webauth does not support CoA, does that mean I can't apply a pre or post auth ACL?

3. Can someone point me to a good guide for configuring local webauth?

Thank you!

Hi Leroy,

In CWA you can push the desired AVPs in the final result because of the nature of the flow:

-Guest will connect to the SSID.

-WLC sends a wireless MAB request (1st authentication). In response, ISE returns an accept with url-redirect-acl and redirect URL.

-WLC updates the client session and, once HTTP(S) traffic is generated, the WLC redirects the client to ISE according to the AVPs received at the 1st auth (MAB request).

-The client enters the credentials in the portal. ISE validates the creds and sends the WLC a CoA of type re-authenticate.

-WLC re-authenticates the client session (2nd authentication), and at this point ISE can send custom AVPs such as VLAN names, interfaces or Airespace dynamic ACLs.

-WLC overrides the client session with the new attributes.

In Local Web Auth, as you mentioned, there are 2 steps, but the WLC "considers" this a single thread.

For LWA, the flow is as follows:

-The client connects to the SSID. Since there is no L2 auth involved, the client goes through DHCP, gets an IP and arrives at WebAuth_Required. The redirect URL is configured statically on the WLC and the pre-auth ACL allows the client access to ISE during the auth phase.

-The client opens the browser and the WLC redirects the client to ISE, but within the redirection there is a 'return to WLC' action which tells ISE to send the client back to the WLC virtual IP, carrying the credentials the client used for auth in the guest portal.

-In this way the WLC now "knows" the creds handed to ISE, and the WLC sends a formal RADIUS request to ISE with these creds. ISE returns an accept, and this is how the WLC now "knows" that the auth is correct and that it should move the client to RUN.

The simplest way for LWA would be to define a guest interface and statically apply a restrictive ACL at the interface level rather than wait for the AVP from the AAA server.

LWA is supported in this version at a very low and basic level, but if you want a complex flow involving dynamic attribute pushing you will need something higher than 7.2.110.0.

Recommended version would be 7.6.130.0 as of now.

Kind regards

Antonio
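
The two flows from the answer above as a small Python model (an added example, not part of the original post and not Cisco code). The guest account, ACL names, portal URL and the `REDIRECTED` state label are constructed; the model counts RADIUS authentications and shows where the session attributes come from in each flow.

```python
# Toy model of the two guest web-auth flows described above (constructed).
from dataclasses import dataclass, field

GUESTS = {"guest1": "s3cret"}                      # constructed portal account
POST_AUTH = {"Airespace-ACL-Name": "GUEST-POST"}   # constructed ACL name


@dataclass
class Session:
    state: str = "START"
    attrs: dict = field(default_factory=dict)
    radius_auths: int = 0      # Access-Requests the WLC sent for this client


def cwa(user, password):
    """Central web auth: two RADIUS authentications joined by a CoA."""
    s = Session()
    # 1st auth (MAB): ISE accepts and returns only the redirect AVPs.
    s.radius_auths += 1
    s.attrs = {"url-redirect-acl": "REDIRECT",
               "url-redirect": "https://ise.example/portal"}
    s.state = "REDIRECTED"     # toy label for the redirected session
    # Guest logs in on the ISE portal; the WLC never sees the credentials.
    if GUESTS.get(user) != password:
        return s               # no CoA is sent, client stays redirected
    # CoA re-authenticate -> 2nd auth, where ISE returns the final AVPs.
    s.radius_auths += 1
    s.attrs = dict(POST_AUTH)  # WLC overrides the session attributes
    s.state = "RUN"
    return s


def lwa(user, password, preauth_acl, interface_acl):
    """Local web auth: one RADIUS authentication, static ACLs on the WLC."""
    s = Session(state="WEBAUTH_REQD", attrs={"acl": preauth_acl})
    # Portal hands the client back to the WLC virtual IP with the creds;
    # the WLC then sends them to ISE in a single Access-Request.
    s.radius_auths += 1
    if GUESTS.get(user) == password:
        s.attrs = {"acl": interface_acl}   # static guest-interface ACL
        s.state = "RUN"
    return s
```

In the LWA path the post-login restriction is the ACL configured on the WLC guest interface, so that ACL has to be restrictive on its own.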

Tags: Cisco Security

Similar Questions

  • Are Cisco 1130ag APs compatible with Cisco Wireless LAN Controller virtual?

    Are Cisco 1130ag APs compatible with Cisco Wireless LAN Controller virtual?

    It's... AP compatibility depends on the code that runs on the WLC. This is a matrix that is a good reference.

    http://www.Cisco.com/en/us/docs/wireless/controller/5500/tech_notes/wire...

    Sent from Cisco Technical Support iPhone App

  • Wireless, lan usb and pci is not installed

    Hi, I just bought a new g001sx 15 HP and installed Windows 7 Professional 64 bit. After installing the operating system, my wireless LAN, LAN, USB and PCI devices are not installed, and I don't know what to do. I already tried installing the Atheros drivers and it didn't work. I have already inserted an image that shows that some of my drivers are not detected.  Thanks in advance.

    Hello:

    Here are links to the drivers you need...

    First install the amd chipset drivers and reboot.  You want the first file on the Web page.

    This will install the smbus and usb 3 controllers.

    http://support.AMD.com/en-us/download/chipset?OS=Windows%207%20-%2064

    Then, install the beta amd radeon catalyst graphics driver.

    http://support.AMD.com/en-us/KB-articles/pages/latest-catalyst-Windows-Beta.aspx

    If the AMD chipset driver does not install the USB 3 controllers as advertised, then download and install these two...

    http://h20565.www2.HP.com/portal/site/hpsc/template.page/public/PSI/swdDetails/?sp4ts.Oid=5359417&SP...

    http://h20565.www2.HP.com/portal/site/hpsc/template.page/public/PSI/swdDetails/?sp4ts.Oid=5359417&SP...

    Ethernet controller: DL and install the 2nd driver on the list.

    http://www.Realtek.com.tw/downloads/downloadsView.aspx?langid=1&PNid=14&PFID=7&level=5&Conn=4&DownTy...

    PCI device: DL and install driver 1st on the list.

    http://www.Realtek.com.tw/downloads/downloadsView.aspx?langid=1&PNid=15&PFID=25&level=4&Conn=3&DownT...

    In order for me to provide the wireless driver you need, please do the following...

    Go to Device Manager and click on the network controller needing drivers.

    Then click on the Details tab at the top of the network controller window.

    Now you see a Property drop-down list, set by default to Device Description.

    Drop down on it and select the second item in the list (Hardware ID).

    Post the first string of characters that starts with PCI\VEN.

  • Routing using Wireless LAN Controller

    I was wondering if Wireless LAN controller (5508) can manage routing? This is our problem.

    We have a remote site, where we have bunch of 2900 series just pass. The router belongs and is managed by the provider of the PHONE company.

    We would like to install a controller (5508) and as the controller would make the delivery for the following subnets:

    The company 10.10.10.0/24 network

    Guest network 10.10.20.0/24

    Mobile (iPhone / iPad) 10.10.30.0/24

    Management Interface (AP) 10.10.40.0/24

    Is this possible? Or we need a layer 3 switch or a router that can do the routing for wireless controller.

    If possible, we prefer NOT to use the TELCO routing router subnet wireless?

    DS

    Unfortunately is the WLC a diverter. It is layer 2 only.

    Steve

    Sent from Cisco Technical Support iPhone App

  • Cisco Wireless Lan Controller 2504

    Hello:

    Hello; I lost the password to my wireless LAN controller. Everything was fine until a few days ago and now I cannot log in.
    Is it possible to recover it? The model of controller is AIR-CAP2602E-A-K9, the software version is 7.4.110.0.

    Please, anyone, help me.

    Kind regards.

    Fernando.

    Check this out:

    http://www.my80211.com/Cisco-WLC-CLI-commands/2009/12/27/recover-your-WL...

    Regards

    Remember to rate useful posts

  • Satellite Pro A100 - problems with wireless lan networks

    Hey all,

    I have a problem with my laptop. It is able to connect to a wireless LAN network, but is not able to use this connection properly, meaning it does not get a connection to web sites or download data...
    I already have the latest drivers, but it's not helping...
    Do you have an idea? Could this be a problem with my wireless LAN card? What can I do?

    Thanks in advance

    DOM

    Have you tried a BIOS update?
    This you will find also on the Toshiba site:
    http://EU.computers.Toshiba-Europe.com

    Have you disabled all the security features for testing?
    I mean hidden SSID, MAC address filtering and so on. Maybe that's the problem.

    Check also if the router has the new firmware. You can find it on the manufacturer's site.

  • Problems with the Ethernet controller and PCI Satellite L30-10 X device driver

    Hello!

    Sorry for my bad English, I'm from Russia.
    A few days ago, I bought a Satellite L30-10X with Windows Vista on board. In my opinion this OS doesn't run very well on this computer, so I installed Windows XP.

    I have some problems with drivers. At first, I don't know which model I have: PSL30 or PSL33? I have downloaded all the drivers for the two models. But after installation, the computer doesn't find the drivers for the Ethernet controller and PCI device...

    Hello

    Satellite L30-10X belongs to the PSL33E series. This number is located on the label on the bottom of the device!

    You must choose this number in the driver download form for XP compatible drivers.
    I don't know why you are not able to install the LAN driver. I have the same laptop with Vista and I've installed XP and all the drivers work perfectly.

    I assume that you have installed the drivers in the wrong order. Please take a look at the Toshiba installation instructions txt file. Install the drivers in this order! This is important.

    I think that you should install XP again to ensure that the registry is clean, then download and install the XP compatible drivers as mentioned in the installation instructions file.

    Good luck

  • I have an 802.11n wireless LAN card and the strength of the connectivity is poor, however my Compaq laptop has excellent connectivity. What can I do to get a good signal?

    I just bought a new PC (Foxconn) which has an 802.11n wireless LAN card. My connection is very poor, but my connection on my Compaq laptop and iPad is excellent. Is there a way I can get a better connection with this LAN card?

    Hello

    Check with Foxconn support, their documentation and online drivers. Don't assume new products have up-to-date drivers.

    Are all the computers running Windows 7?

    The router may also need a firmware update, so check with its manufacturer.

    I hope this helps.

    Rob Brown - Microsoft MVP

  • Cisco 2112 and Apple TV Airplay wireless LAN Controller

    Hi all

    I'm having a problem using iTunes, iPhones, and iPads on our wireless network. We have the WLC 2112 and 10 1142N WAPs. If I do a network scan, I can see the Apple TV and port 5353 is open, which is Apple's Bonjour service.  However, if I try to play the music/video on iTunes, or on an iPhone/iPad, I don't see the Airplay icon.  If I connect to the local network, the Airplay icon appears immediately. I created an allow-all rule in the ACL, but still no dice.  Any help would be greatly appreciated.

    THX

    Benm

    This Solution has been added in the following document

    https://supportforums.Cisco.com/docs/doc-21728

    If you have enabled IGMP snooping. To the title of controller, you have too many active multicast and multicast address?

  • Trouble with wireless LAN - SP L10

    Hi all.

    First of all, I'm not very technical so forgive this post. I have a Satellite Pro L10 and I have a problem with my wireless internet connection. I continue to be disconnected or the router shows me that plugged and I can't access a web page, etc.

    I also have a non-Toshiba laptop that works fine when this happens to my L10. Makes me think it's something to do with my wireless card.

    Is this a common problem with these notebooks, or do I have a problem, and how can I solve it?

    Thanks for your time

    Alan

    Hello
    I have the same problem with my EQUIUM L40. I just updated the driver of network (following an update from Toshiba) but the problem persists. I have a PC connected to my router and I have the impression that the problem with the wireless connection to the laptop is not so bad if the PC is turned on. I intend to call the helpline for advice. I will update here if I get anywhere.

  • Compiling VI in LabVIEW with cRIO-9004 controller and chassis cRIO-9104

    I tried to compile in LabVIEW with cRIO-9004 and cRIO-9104 connected.

    It has three options

    (1) use the server local compilation.

    (2) to connect to the network compile Server

    (3) to connect to the service of LabVIEW FPGA cloud compile

    But I'm unable to compile my program using one of these.

    How can I get my compilation made? Help, please.

    Thanks YouCp

    The Standard Service Program is an annual fee from NI, which in turn allows you to update your modules and LabVIEW and benefit from NI support.

    https://www.NI.com/services/software_benefits.htm

  • 1042 q with PXI 8360-controller and Pickering cards

    Hello

    I have a 1042 q chassis with a PXI-8360 controller and some Pickering cards.

    Connected to the XP PC with a PCI-e card.

    Installed are only NI MAX, NI-PXI, NI-VISA...

    Now the question is how to set up the chassis in the 4.7 or max?

    In Max, I see a line with PXI system (unidentified) under "Geräte und interfaces". I tried to load some of the deliverered ini with pxi OR cd files, but I can't control anything.

    Can someone give me a hint what to do?

    I have downloaded from the Pickering web site the pipx40vpp.zp file, which should cover all my Pickering cards and also has a few front panels.

    But at the start of the front panels it says "no card detected". I think I must first of all set things up correctly in MAX.

    Thanks for any help

    Thank you very much for the help.

    Problem is now solved:

    The main problem was that the PCIx1 slot is not working. I put the card in another PCIx slot and then it worked right away.

    I found this trick here:

    http://digital.NI.com/public.nsf/allkb/05B7131814A5DDA38625710F006BB098?OpenDocument

    Try different PCI or PCI Express slots in the host PC for your MXI interface.
    The algorithm that certain BIOSes use behaves better in certain slots than others.

    Maybe someone will need it in the future.

  • Problem with wireless - Vista Network and Sharing Center does not recognize my connection!

    I use Vista Home and my Network and Sharing Center does not recognize my connection, but I can access the internet without any problem. Previously, I was using a Linksys wireless router with an old AT&T internet box with no problems. The problems started after I updated my AT&T internet box, which made the Linksys router obsolete, and now the network share does not connect. I just have the problem of getting the Network and Sharing Center to recognize that I am actually connected to a wireless network. I can't use my printer or share files with other people. I can't get my wireless printer to work if I restart my computer and I have the documents I want printed already sent to the printer. My Network and Sharing Center also works very well for a few seconds when I start my computer, then it turns off again.

    Hello

    Method 1:

    Windows wireless and wired network connection problems

    http://Windows.Microsoft.com/en-us/Windows/help/wired-and-wireless-network-connection-problems-in-Windows

    Method 2:

    You can also view the related items for more information.
    The problems of Internet connection

    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-Internet-connection-problems

    Network connection problems

    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-network-connection-problems

    Solve problems, find wireless networks

    http://Windows.Microsoft.com/en-us/Windows-Vista/troubleshoot-problems-finding-wireless-networks

    Method 3:

    Setting up a wireless network

    http://Windows.Microsoft.com/en-us/Windows-Vista/setting-up-a-wireless-network

    Wireless network card: frequently asked questions

    http://Windows.Microsoft.com/en-us/Windows-Vista/wireless-networking-frequently-asked-questions

    See also:

    Connect to a network with Windows Vista wireless

    http://TechNet.Microsoft.com/en-us/library/bb878035.aspx

  • Setting up autonomous HA - SKU Wireless Lan Controller

    Hello

    I ordered an AIR-CT5508-HA-K9. It is not match with WLC assets and there is no permanent AP license on this HA - SKU.

    I wonder if I can make any configuration or perform the software upgrade on the standalone HA - SKU?

    Thank you.

    You can do both, but you can use this HA-SKU only for SSO or N+1.  You can not use both as independent because you will get an error after 90 days.

    -Scott

    *Rate the useful posts*

  • Wireless LAN controller, enabling LAG

    Hi all

    I use more than 47 APs on my 4402 and now need to add more. If I enable LAG, a WARNING comes up saying it will delete all my current interfaces - is this true? Or if I enable LAG, should it still work as before?

    Cheers

    Carl,

    Enabling LAG does not remove interfaces.  So, if you enable LAG and reboot, you should be fine.  Alternatively, you can configure another AP-Manager and bind it to the other port.

    Cheers,
    Steve

    --

    If this helps you or answers your question, please mark it as 'answered' or rate it, so other users can easily find it.
