Guest Access using Cisco NAC 3310 Guest Access Server

Oct 12th, 2009

We purchased a Cisco 3310 in hopes of using it so people could self-register to get on a guest Wi-Fi. We initially rolled it out with the default lobby ambassador, but the help desk became overwhelmed. We are looking to have public users self-register to the Wi-Fi.


Here is what I have.

I have got it to work where users are redirected to the NAC Guest Access server and successfully create a username and password. There is an option in the user template on the NAC server for autologin. I also have that checked so the user can just click the submit button. When we click submit it says invalid username password. I know the WLAN is correctly configured because if I change the WLAN redirect page to the internal default I can log in just fine with the credentials I just created.


So finally, what is it I am missing? I am confused about how redirecting to the NAC server and the basic snippet of JavaScript code will communicate back to the WiSM controller, since my browser is on the NAC? TAC has been NO help in this at all. Any help is really appreciated.

moles3144 Mon, 10/12/2009 - 17:42

Yes, we can get the sponsor to work no problem; it's the self registration/self service giving us fits.

moles3144 Mon, 10/12/2009 - 20:08

Yes, we have. So I have been really digging on this, and when you go to an external webauth it still looks to send the username and password back to the WLC. I have an internal doc from Cisco that says:

"Login request is sent back to the action URL of the controller web server."

By default, when setting up the WLC, I used the 1.1.1.1 IP for the virtual interface. Currently 1.1.1.1 is not advertised in my network, so how the heck would the NAC send the request back to it? (Sorry, thinking out loud.) According to my understanding, the switch_url is what it's looking to send the credentials back to... So should I modify my virtual IP to be something that is routable on my network?

If you're looking at the below URL, which is what I'd get redirected to after filling out my self service:

https://nac.guestwifi.com/sites/Guest/selfservice.html?switch_url=https://1.1.1.1/login.html&ap_mac=00:22:90:93:25:80&wlan=MAS&redirect=www.google.com/


The switch_url part is what the POST is sent to, and it would need to be reached via the NAC. Right now 1.1.1.1 is not.


Thoughts?
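
An added example (not part of the original post, and not Cisco's or the NAC Guest Server's own code): how an external login page can read the redirect parameters from the URL above and build the login POST, checking that switch_url points at the expected controller before any credentials are sent to it. The form field names follow Cisco's sample WLC external web-auth page and are an assumption for this deployment, as are the allowlist and the function names.

```javascript
// Added example: parse the WLC redirect parameters and build the login POST.
// EXPECTED_SWITCH_HOSTS is an assumed allowlist (the WLC virtual interface IP).
const EXPECTED_SWITCH_HOSTS = new Set(["1.1.1.1"]);

// Parse the query string the controller appends when it redirects a guest.
function parseRedirect(pageUrl) {
  const q = new URL(pageUrl).searchParams;
  return {
    switchUrl: q.get("switch_url"),
    apMac: q.get("ap_mac"),
    wlan: q.get("wlan"),
    redirect: q.get("redirect"),
  };
}

// Refuse to send credentials anywhere except the controller's login page.
function validateSwitchUrl(switchUrl) {
  let u;
  try { u = new URL(switchUrl); } catch { return false; }
  return u.protocol === "https:" &&
         EXPECTED_SWITCH_HOSTS.has(u.hostname) &&
         u.pathname === "/login.html";
}

// Describe the form submission the guest's browser would make.
function buildLoginPost(pageUrl, username, password) {
  const p = parseRedirect(pageUrl);
  if (!p.switchUrl || !validateSwitchUrl(p.switchUrl)) {
    throw new Error("switch_url missing or not the expected controller");
  }
  return {
    method: "POST",
    action: p.switchUrl,
    fields: {
      username,
      password,
      buttonClicked: "4", // value used by Cisco's sample page (assumption here)
      redirect_url: p.redirect || "",
    },
  };
}

// URL taken from the post above; credentials are constructed sample values.
const SAMPLE = "https://nac.guestwifi.com/sites/Guest/selfservice.html" +
  "?switch_url=https://1.1.1.1/login.html&ap_mac=00:22:90:93:25:80" +
  "&wlan=MAS&redirect=www.google.com/";
const post = buildLoginPost(SAMPLE, "guest1", "example-password");
console.log(post.action, Object.keys(post.fields).join(","));
```

In this sketch the POST is a form submission made by the guest's browser, so the action URL is resolved from the client side of the WLAN.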

Lucien Avramov Tue, 10/13/2009 - 09:11

I'm not sure if it uses the virtual port. We could do a tcpdump on the NAC server and see from what IP the request comes.


If indeed it's 1.1.1.1, then let's change it to a routable IP and try.


I have personally not done such a config in the past.
