cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
809
Views
14
Helpful
9
Replies

Web Redirect

anasubra_2
Level 1
Level 1

Hi All,

We created a WLAN on WLC and used web authentication for their authentication.Whenever a wireless user tried to connect to this WLAN and tried to access any web page,it would be redirected to the web login page defined on the web authentication page in WLC.

We are trying to find a way,where we would be able to redirect to a page where it provides some security policy and if the user accepts the same by clicking on "I agree" button,then they should be seeing the user login page.

How to acheive the above.

Any help would be appreciated.

Thanks

Regards

Anantha Subramanian Natarajan

9 Replies 9

sabhasin
Cisco Employee
Cisco Employee

You'll have to use web policy's "passthrough" mode, under L3 settings of the particular WLAN.

Hi Sabhasin,

Thank you very much for the reply ....We explored that option,but it seems,it directs to the acceptance policy web page and once the user click on accept it gives access. We would like the user to input username/password after accepting the policy.

Kindly let me know,if our understanding is wrong.If the understanding is right,Do you have any solution fitting with our requirement.

Once again,Thanks

Regards

Anantha Subramanian Natarajan

anasubra - it'd help to know what controller code you're running. Anyways, the way i see it, you can explore three options:

1. Use the on-board splash page, that presents the terms and conditions, and has options for login/password

2. Use the passthrough option (with email input field)

3. Use an external web-auth server

Examples of each are available on Cisco.com (look for "controller guest deployment", or similar terms).

Sabhasin,

Thank you very much .........Hopefully will try to get done with the external web-server option specified .........

I have a question regarding this,When I was reading through the use of an external web auth-server,I am understanding that,whenever the wireless client tried to connect ,it would be redirected to the external web server address and then it would be send back to controller for login page.

I am thinking,in the external web server address,we would be able to provide the accept/deny page and once the user click on accept,it would be redirected to the controller for login page. If the above understanding of mine is right,how the external web server redirects back to the controller for login page??--How that mechanism works ........

Thanks

Regards

Anantha Subramanian Natarajan

if i understand correctly, you'd like this to be a two step process? This won't be possible since, if you're using external server, that'll be doing the authentication as well (and then just tell the WLC if the client passed/failed) to change the state to run or not. I'm not sure why it has to be a two-step process though? You could display your policy on the WLC itself, and the login fields will be below that?

Thank you for the comment ............We are looking to display a page with policy and then buttons to click "accept" or "Decline".If the user clicks accept ...Then the login page should be displayed ..Is that possible to do it ........

Thanks

Regards

Anantha Subramanian Natarajan

Hi,

I had the exact same requirement, you need to implement a simple 'hack' to do it. I cant recall the exact command list but here goes...

1) Create a jpeg image with your terms and conditions in a 'customwebauth' bundle (tar file) with a login.html page. If there is no login.html then I believe it fails.

2)Upload the customwebauth bundle to the WLC as per the standard procedure.

3)Select to use the default login page with the text box and accept buttons. In the title field, embed the image that you uploaded as part of the customwebauth bundle, e.g. conditions.jpg and use your virtual ip address, e.g 1.1.1.1

https://1.1.1.1/fs/customwebauth/conditions.jpg>

Important!! - You must use pure html codes for the tags as when the WLC boots up, it recognizes that you are trying to embed html code in it and will revert the configuration back to nothing.

I cant give you a sample of the codes I use here as it will not display correctly.

So in essence, you are embedding your T's and C's as in image of the subject line.

It may take a few times to get the html codes right but always reboot and watch the command line as it will tell you if html has been detected.

Good Luck

Hi John,

Thank you very much ... Will try that .

Regards

Anantha Subramanian Natarajan

You can also achieve this behavior if you use something like pfsense or monowall as the network gateway for your wireless network

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: