cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1001
Views
5
Helpful
4
Replies

Web Portal Guest Authentication

etienne.simard
Level 1
Level 1

I am finding conflicting information on Web Portal Guest Authentication. I would like to confirm that the guest username and passwords are encrypted (via https) between the client and the WLC during the redirect to the Virtual interface (1.1.1.1 in my case).

What I found in a configuration document is as follow.... "Web authentication is supported only through HTTP. HTTPS is not supported. Because web authentication is tied to the management login on the controller, HTTPS login for management must be disabled and HTTP for management must be enabled.”

But at the same time, when looking at authentication page examples in the some config guides, the redirect page address is https://1.1.1.1 and not http://1.1.1.1

Could someone confirm to me if the username and password are encrypted when exchanged between the user and the WLC?

Your support is appreciated

Thanks

Etienne

4 Replies 4

Scott Fella
Hall of Fame
Hall of Fame

Since you are using an ssl cert (Cisco or a 3rd Party), it is encrypted between the client and ap. Traffic from ap to wlc is not encrypted. Encryption and decryption is handled by the ap.

Hope this helps.

-Scott
*** Please rate helpful posts ***

cdeeds
Level 1
Level 1

This is kind of a late reply, but if you are interested in my two cents; I've learned that with the WLC guest authentication you can have either SSL or HTTP enabled for the user authentication.

If you have SSL enabled, the auth page defaults to the encrypted https://1.1.1.1 url, hence the auth page is encrypted along with the credentials entered onto the page.

I found this out when trying to get rid of the self-signed certificate errors users would get when they first authenticate on my guest wireless network. It's a pain to get a trusted cert working on this setup, so I just opted to use HTTP. The drawback to this, however, is that my web management connection to my anchor WLC is HTTP.

CDeeds,

Your feedback is appreciated. I am also stumped on how to get a trusted cert for the https://1.1.1.1 URL. I'd be surprised if any trusted authority (GoDaddy, Verisign, etc) would hand out a certificate to a host with the name 1.1.1.1.

If anybody else has any ideas on how to get a trusted certificate on this thing, please let us know. It drives my users nuts to have to click 'I accept' to a homemade certificate.

Hi,

If you go to virtual interface and open its properties, you can add address to which should wlc redirect insted of 1.1.1.1. This domain should be used for cert and should be translate to 1.1.1.1 by DNS.

Cheers

Greg

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: