Web Redirect

Unanswered Question
Mar 4th, 2008

Hi All,

We created a WLAN on WLC and used web authentication for their authentication.Whenever a wireless user tried to connect to this WLAN and tried to access any web page,it would be redirected to the web login page defined on the web authentication page in WLC.

We are trying to find a way,where we would be able to redirect to a page where it provides some security policy and if the user accepts the same by clicking on "I agree" button,then they should be seeing the user login page.

How to acheive the above.

Any help would be appreciated.



Anantha Subramanian Natarajan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (4 ratings)
sabhasin Thu, 03/06/2008 - 07:18

You'll have to use web policy's "passthrough" mode, under L3 settings of the particular WLAN.

anasubra_2 Thu, 03/06/2008 - 18:50

Hi Sabhasin,

Thank you very much for the reply ....We explored that option,but it seems,it directs to the acceptance policy web page and once the user click on accept it gives access. We would like the user to input username/password after accepting the policy.

Kindly let me know,if our understanding is wrong.If the understanding is right,Do you have any solution fitting with our requirement.

Once again,Thanks


Anantha Subramanian Natarajan

sabhasin Sat, 03/08/2008 - 18:56

anasubra - it'd help to know what controller code you're running. Anyways, the way i see it, you can explore three options:

1. Use the on-board splash page, that presents the terms and conditions, and has options for login/password

2. Use the passthrough option (with email input field)

3. Use an external web-auth server

Examples of each are available on Cisco.com (look for "controller guest deployment", or similar terms).

anasubra_2 Thu, 03/13/2008 - 05:13


Thank you very much .........Hopefully will try to get done with the external web-server option specified .........

I have a question regarding this,When I was reading through the use of an external web auth-server,I am understanding that,whenever the wireless client tried to connect ,it would be redirected to the external web server address and then it would be send back to controller for login page.

I am thinking,in the external web server address,we would be able to provide the accept/deny page and once the user click on accept,it would be redirected to the controller for login page. If the above understanding of mine is right,how the external web server redirects back to the controller for login page??--How that mechanism works ........



Anantha Subramanian Natarajan

sabhasin Thu, 03/13/2008 - 07:36

if i understand correctly, you'd like this to be a two step process? This won't be possible since, if you're using external server, that'll be doing the authentication as well (and then just tell the WLC if the client passed/failed) to change the state to run or not. I'm not sure why it has to be a two-step process though? You could display your policy on the WLC itself, and the login fields will be below that?

anasubra_2 Fri, 03/14/2008 - 11:46

Thank you for the comment ............We are looking to display a page with policy and then buttons to click "accept" or "Decline".If the user clicks accept ...Then the login page should be displayed ..Is that possible to do it ........



Anantha Subramanian Natarajan

johnc@peppersto... Wed, 06/18/2008 - 22:23


I had the exact same requirement, you need to implement a simple 'hack' to do it. I cant recall the exact command list but here goes...

1) Create a jpeg image with your terms and conditions in a 'customwebauth' bundle (tar file) with a login.html page. If there is no login.html then I believe it fails.

2)Upload the customwebauth bundle to the WLC as per the standard procedure.

3)Select to use the default login page with the text box and accept buttons. In the title field, embed the image that you uploaded as part of the customwebauth bundle, e.g. conditions.jpg and use your virtual ip address, e.g>

Important!! - You must use pure html codes for the tags as when the WLC boots up, it recognizes that you are trying to embed html code in it and will revert the configuration back to nothing.

I cant give you a sample of the codes I use here as it will not display correctly.

So in essence, you are embedding your T's and C's as in image of the subject line.

It may take a few times to get the html codes right but always reboot and watch the command line as it will tell you if html has been detected.

Good Luck

anasubra_2 Thu, 06/19/2008 - 03:12

Hi John,

Thank you very much ... Will try that .


Anantha Subramanian Natarajan

ericgarnel Thu, 06/19/2008 - 05:53

You can also achieve this behavior if you use something like pfsense or monowall as the network gateway for your wireless network


This Discussion



Trending Topics: Other Wireless Mobility

client could not be authenticated
Network Analysis Module (NAM) Products
Cisco 6500 nam
reason 440 driver failure
Cisco password cracker
Cisco Wireless mode