Using Splash screen WPA2 network

Unanswered Question
Sep 24th, 2010

I was using Document 100787 as a guide.

1. I have 1252 & 1142 APs connected to the WiSM (6.0.188.0 code)

2. FWSM I have a 4402 (6.0.188.0) appliance connected as my anchor.

3. ACS is ver 4.2

All of my wireless networks function as expected. I see the successful auth in ACS. I just built a new WPA2 network and set it up to use Splash screen redirect. It doesn't seem to matter what I do, it just won't work. IE or Mozilla.

Test 1 was to drop the users at the WiSM. There was no splash screen.

There was no evidence of my url-redirect in the Wireshark trace.

Test 2 used the 4402 as my anchor point with the same results.

In both cases the client was authenticated and was able to navigate the internet and other duties. The problem is upon opening the browser there is no redirect.

Any thoughts?

michael.lussier Fri, 09/24/2010 - 12:32

Here is a look at the trace.

See attached. This was the point of interest:

*Sep 24 15:22:48.073: 00:0b:cd:5a:50:b2 Unable to apply override policy for station 00:0b:cd:5a:50:b2 - VapAllowRadiusOverride is FALSE

b.garczynski Wed, 09/29/2010 - 09:57

I am not sure I understand what you are trying to accomplish. Typically you do not configure L2 encryption such as WPA/2 on web authentication SSIDs. This is because it is difficult to manage L2 encryption on networks intended for guest use or non domain users. If this SSID is for guest/non domain users I would use a PSK and provide that to end users if you need to use L2 encryption. If this is for domain users I would normally use 802.1x for authentication via EAP-TLS or PEAP.

michael.lussier Wed, 09/29/2010 - 10:36

Yes, this is a WPA2 AES / 802.1x network. Management has dictated that there must be a splash screen that comes up. Cisco states that this can be done. However, I have yet to see how.

b.garczynski Wed, 09/29/2010 - 10:43

I assume you have already enabled the web auth on the SSID under L3 security. Once you are able to auth using L2, can you type the virtual interface IP address of the WLC? It is usually 1.1.1.1 or whatever you chose on install. Issues like this are usually related to DNS. The wireless client must be able to look up DNS names for the web redirect to work. If you are able to pull the splash page with the IP address then it is fairly certain you have a DNS issue.

michael.lussier Wed, 09/29/2010 - 10:48

Layer 2 WPA2 Policy

WPA2 Encryption

Layer 3

Web Policy

Splash Page Web Redirect

Yes, DNS works.

Once the client has an IP and opens the browser they pull up the internet site. Just no splash screen.

b.garczynski Wed, 09/29/2010 - 10:55

Are you able to pull the splash page directly by the virtual IP address? Also, have you had the same result when you set L3 to authentication rather than splash page?

b.garczynski Wed, 09/29/2010 - 11:02

I would try https://1.1.1.1 as well just for testing. The only thing I can think of is that since the WLC already sees the client as authenticated it does not route to the splash page. If you force L3 to require authentication as well does the WLC then present the page and request a password?

michael.lussier Wed, 09/29/2010 - 11:44

I do get the site certificate error page and then I click past it. It bombs out with page not found.

b.garczynski Wed, 09/29/2010 - 11:58

Have you tried creating a new SSID tied to the same dynamic interface using web splash only? This would at least prove if the WLC is serving up the page properly at all.

michael.lussier Wed, 09/29/2010 - 12:43

That is exactly what I have done here. I'm also using a second ACS 4.2 server as well.

Vinay Sharma Sun, 09/25/2011 - 10:43

Hello Michael,

Please mark the Question as Answered, if the provided information is correct and it helped. By doing that others can take benefit as well.

Thanks,

Vinay Sharma

Community Manager – Wireless

Posted September 24, 2010 at 11:07 AM