Web Auth on wlc5508

Unanswered Question
Mar 28th, 2012
User Badges:

Hello I have à strange problème: ont my new WLC 5508 with the 7.0.116.0 software version, under SECURITY - Web Auth - Web login Page   I want to set web authentification type on "External" but I cannot add an External Web Serveurs. This field does not appear.

Strange, on the wlc 4400 with the same software version I d'ont have this problme. Somebody have an solution for that?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Amjad Abdullah Fri, 03/30/2012 - 05:23
User Badges:
  • Red, 2250 points or more

Can u try see global web-auth config under security tab? Is it the same on both controllers or different?


Sent from Cisco Technical Support iPad App

Scott Fella Fri, 03/30/2012 - 06:20
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Can you try to choose custom and then hit apply then try to choose external?  Can you post a screen shot?

sysadm_uvsq Fri, 03/30/2012 - 07:31
User Badges:

Thank you for your answers.

Finally I found the answers. It seems that the configuration for series 5500 is different from  4400  even both have the same software version. On the  5500 series it is  mandatory to use the preauthentication access control list instead    the external Web authentication server.


The screen shots, that can help the others :

So  on the  wlc 5500


For this model, the next step is to configure the the preauthentication access control list to permit the tcp connection for the IP adress  x.y.z.w


like hier:  http://www.cisco.com/image/gif/paws/71881/ext-web-auth-wlc.pdf



On the old (already) wlc 4400



"When using an external web server for web authentication, some of the WLC platforms need a pre−authentication ACL for the external web server (the Cisco 5500 Series Controller, a Cisco 2100 Series Controller ,Cisco 2000 series and the controller network module). For the other WLC platforms the pre−authentication ACL is not mandatory. "


from

http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70users.html#wp1049273

Amjad Abdullah Fri, 03/30/2012 - 08:31
User Badges:
  • Red, 2250 points or more

Although 4400 controllers don't need pre-auth acl, they need another command to be used instead. This command is not available on 5500 controllers.

I forgot the exact command but it starts with "config custom-web".

There was something like the word "webauth" after that.

The document was not accurate and we asked doc team to modify it but even after modification it is not now clear.


'''sninp'''

When using an external web server for web authentication, some of the WLC platforms need a pre-authentication ACL for the external web server (the Cisco 5500 Series Controller, a Cisco 2100 Series Controller ,Cisco 2000 series and the controller network module). For the other WLC platforms the pre-authentication ACL is not mandatory.


However, it is a good practice to configure a preauthentication ACL for the external web server when using external web authentication.


'''snip'''


The above is not accurate. It is either to use pre-auth acl or the command. Without acl or command external page it will not work (tried it in practice and this is why we asked them to amend the 3 documents the had for web auth configuration).

The point is 4400 controllers have that command but 5500, 2100 and WLC module do not.


I have no access to wlcs at the moment or I would have checked the exact command for you.


HTH.


Amjad



Sent from Cisco Technical Support iPad App

sysadm_uvsq Fri, 03/30/2012 - 08:45
User Badges:

indeed, I aleready tried  to use this  command:


(Cisco Controller) >config custom-web ext-webserver add


I can use it on the 4400 but it is no more available on  5500.

Amjad Abdullah Fri, 03/30/2012 - 10:18
User Badges:
  • Red, 2250 points or more

Exactly. This is the one.

It has the same effect as creating pre-auth ACL.

Either ACL or this command should be used. Without any of them external web-auth will not work.


Amjad

Actions

This Discussion

 

 

Trending Topics - Security & Network