WLC526 Web-Auth?

Unanswered Question
Feb 18th, 2012

I have a WLC526 running sw version 4.2.61.8 that I finally got around to installing in my shop for testing after sitting on the shelf for several years.  Since it's now out of warranty and I'm no longer certified getting the latest sw version isn't possible so I'm stuck with the version it shipped with. 

Questions:

1,  How do we change the web log in page from https to http?  No guest wants to get confronted with a certificate error page so https doesn't make sense.

2,  The virtual interface used for Web-Auth provides for a DNS Name but if I set a name it won't resolve and the log in fails.  If I delete the name it uses the assigned IP instead and works fine.  How do I get the DNS Name to work since it looks more professional? 

3,  When changes are made to the WLC I was initially just applying the change and then saving the config but it appears for some of these changes to take affect I have to reboot.  It this correct or am I just missing something.

Again some of these issues are probably addressed in the subsequent sw releases but since my device sat in a box for 3+ years I missed out on the opportunity to upgrade and now TAC is telling me { (no contract || no warranty == no software) }, despite the fact that this device reached its EOL.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
viningele Mon, 02/20/2012 - 08:07

1, haven't looked into this yet but it seems everybody is just changing the certificate on the controller.

2, This was a ball buster but I finally got it.

     in my DHCP Pool for the WLAN

    

     ip dhcp pool DHCP-P-v90 

            no import all

            ! set dns server of vlan to itself ex. 192.168.90.1

            dns-server 192.168.90.1

    

     I eliminated the import all and set the DNS to itself.

     In the WLC for the virtual interface I have:

             WLC > controller > interfaces > virtual:

                     IP Address: 1.1.1.1

                     DNS Host Name: vav-guest.com

     In CLI for the UC520 I did:

          UC520(config)#ip dns server

          UC520(config)#ip host vav-guest.com 1.1.1.1

          UC520(config)#ip domain lookup

     Now my domain name set for the virtual resolves and I get the certificate warning pop up so I'm happy.

     Previously I could only get the login by deleting the domain name.

3, After reading the WLC man again and agian it states certain changes like the virtual IP addresses and Domain Name need a reboot to  take affect.  Sometimes I guess I need to slow down and actually read what I'm reading.

Since I've only been working with cisco CLI for a week now (I did work with it a little a few years back) I was trying stuff with NAT, ACLs, DNS Servers, etc not really knowing what the heck I was doing.  I don't think I'm the first and only dumb SOB to come across this and it sure would have been nice if this was searchable problem with a posted solution. 

viningele Wed, 02/22/2012 - 17:37

1,  continued

The web auth issue was a little more complicated then I expected. After following instructions in this link

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml

I was able to get to step 3 of "Generate a CSR" and then realized it was going to cost a good bit of money to continue since I'd need to use a third party like Verisign which is a CA service for fee.  Since this is just my work bench demo gear that wasn't about to happen. 

I decided to try pursuing my initial desire of changing the https and to plain http.  I had tried changing the management setting, disabling https, apply, save, but that didn't seem to work so I changed my forum search string to something a bit more specific on the subject and found what I was looking for.  Of course this led me back to my 3rd issue, when to reboot for a change and not.  Tried again, this time rebooted and that annoying certificate warning is now gone.

From a newb's perspectivie this is alot like being a blind dentist, I have to just keep pulling teeth until I find the right one. It's really putting my a nal OCD w/ ADD into overtime.

txlombardi_2 Sat, 04/14/2012 - 13:35

I have been desperate to get rid of that certificate error page on the WLC 526.  In your last post in this thread you said you did it.  How?  Please, post the steps or at least a link to the document or forum posting that showed you how to do it.  I will be eternally grateful.

viningele Sat, 04/14/2012 - 14:08

The answers right in my last post.  In the WLC's web gui management setting you just disable https, click apply, click save but you have to reboot afterwards for the change to take affect.  That's where I was screwing up.

txlombardi_2 Sat, 04/14/2012 - 15:13

Thanks.  I was looking for the setting on the Web Auth menu on the Security page.  I disabled SSL, but won't know the results until I can either go to the customer site or talk with someone who tries to access the wireless guest network.

Actions

Login or Register to take actions

This Discussion

Posted February 18, 2012 at 10:37 AM
Stats:
Replies:5 Avg. Rating:
Views:539 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard