local web authentication fails

Answered Question
Jan 20th, 2009

hello experts!!!

i'm having trouble making clients authenticate locally on a 2106 controller with ios v.4.1.171.0.

do i need a radius server to be able to do local auth.

also the auth login page does not appear automatically when i open a browser and type www.cisco.com or any other url.

i have to type in vip 1.1.1.1 to be able to bring up the login in page.

is this how it supposed to be for this particular code.

thanks for any input... really appreciate it.

I have this problem too.
0 votes
Correct Answer by wesleyterry about 7 years 10 months ago

Fella5 is on to something here.

The only times I've ever not been redirected to the web-auth page (but I could type 1.1.1.1 to get there) was when DNS was not resolving.

DNS didn't resolve a website address, and therefore IE didn't actually make a webpage request for the web-auth to hijack...

Correct Answer by Scott Fella about 7 years 10 months ago

It seems like you have a configuration issue on the wlc. If you can access the web prior to enabling webauth then you should have no issues getting the web page... unless you have a proxy? If you enter 1.1.1.1 and get the webauth page, then it looks like dns isn't working or maybe your homepage is an https secure page. Try google.com or something like that.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Scott Fella Tue, 01/20/2009 - 10:26

It seems like you have a configuration issue on the wlc. If you can access the web prior to enabling webauth then you should have no issues getting the web page... unless you have a proxy? If you enter 1.1.1.1 and get the webauth page, then it looks like dns isn't working or maybe your homepage is an https secure page. Try google.com or something like that.

Correct Answer
wesleyterry Tue, 01/20/2009 - 17:51

Fella5 is on to something here.

The only times I've ever not been redirected to the web-auth page (but I could type 1.1.1.1 to get there) was when DNS was not resolving.

DNS didn't resolve a website address, and therefore IE didn't actually make a webpage request for the web-auth to hijack...

pirateoftheairwaves Thu, 01/22/2009 - 06:54

thanks, fella5 and wesleyterry

Now, it works after the DNS was made reachable from the wlc. the browser is directed to the internal web-auth login page before gaining access to internet. cool!

Now something is wrong again... hehehe... the guest user account disappears on the local db after its session has expired... say, 5 minutes.

can a guest user account be retained on the local db along with the time limit, so that everytime a guest comes by, the account will not be created again.

thanks-a-banks!!!

wesleyterry Thu, 01/22/2009 - 07:04

I'm not sure what exactly you're asking. But if you create a Guest user with the expiration (timeout?) set to 0 for that user, does that fix your problem?

pirateoftheairwaves Thu, 01/22/2009 - 07:37

tried the 0 timing but the guest will have unlimited time session like a legit user.

i wanted to set guest accounts, say guest1=1hour, guest2=2hours, guest3=3hours. and that these accounts should not be deleted automatically when their times expire. so the next time a guest comes to the office i can just choose guest1,2 or 3 account to allow him to use the internet.

also i notice that after creating the guest account, its timer starts and continues regardless whether i use the account or not. and eventually, deleted after it reached the time limit.

did i get through...

thanks-a-banks!!!

Actions

This Discussion

 

 

Trending Topics - Security & Network