cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1499
Views
0
Helpful
6
Replies

WLC 4400/Web Authentication and proxy autodiscovery

Rutger Blom
Level 1
Level 1

We have a guest-SSID where people authenticate via the build in web authentication and RADIUS.

We use proxy autodiscovery (WPAD, DHCP option 252) in our network and this works on the guest-SSID, but only after the authenticated user closes and opens Internet Explorer. It seems that restarting Internet Explorer triggers the WPAD discovery process.

My question is if there is a smarter way to push proxy settings to guest users without user invention? How did you solve this?

Regards,

Rutger

6 Replies 6

gmarogi
Level 5
Level 5

Does the WLC pose any message at its console while the IE browser window is reopened and the porxy discovery worked??.

Enable debug output on the controller and send me the capture you find. I will trace it for clear understanding of the root cause.

Hello,

What do you suggest we debug on?

Rutger

Richard Atkin
Level 4
Level 4

The reason you need to restart IE is because the WLC will be blocking the initial discovery messages from IE to Proxy because the user won't have authenticated yet. When the user authenticates, closing / opening IE triggers the discovery messages thruogh, which are now allowed to pass to the proxy.

The most fool-proof way I've come across is to use Transparent URL Redicection. This is something you can setup on a PIX / ASA, but requires a compatible WebProxy / WebFilter - I've used WebSense, but I believe other products should work too.

Lots of documentation about how to achieve this via CCO.

Regards,

Richard

kingsclererider
Level 1
Level 1

Hi,

I am planning deploying something similar to you. (I have just posted a question based on this!!!). The behaviour you are experiencing is how I would expect WPAD to work. WPAD occurs when the browser opens however it is blocked until authentication has occured. Open a second browser after you authenticated means that the WPAD message is passed through the WLAN controller. Do you use the integrated web authentication or do you use an external web-server. My thoughts are that the external webserver could open a second web-browser once the 'logon' button has been pressed.

Regards

Marcus

Hello,

We are using the integrated authentication web. I was able to solve this problem by using the DHCP WPAD discovery method where the WPAD-URL is sent in the DHCP-reply. This information is then already in place before the web authentication occurs.

Are you familiar with that? Otherwise I'll be glad to post the configuration here.

Rutger

Hi Rutger,

Thanks. I am not familiar with this so would be grateful for the configuration.

Cheers

Marcus

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: