Can we setup whitelist on WLC

Answered Question
Jul 13th, 2012

We have enabled web Auth for our public access on Cisco WLC 2504. It works fine. However, if a wireless user opens his email with download pictures website, he can’t get the picture download until he accept the web policy. Our users complaint about that. Here is our vendor reply.

"Our application makes requests to the internet to check for and download pictures, etc.  The problem is that web requests are not permitted until a user has opened his/her web browser and attempted to go somewhere (e.g. google) so that your security system can redirect them to the authorization form where they must click the “accept” button. If the user has not done this yet, any functionality in our app that requires an internet connection won’t work because the security system is blocking the requests.  Unfortunately, since they’re not in a web browser at the time, it doesn’t redirect them to the authorization page - the request simply fails since a redirect doesn’t have an effect on the application like it would a web browser. My ideal suggested remedy would be, if possible, to whitelist web requests to the server(s) where our code and/or images will live and let them get around that restriction.  Otherwise, users won’t understand why the app isn’t working unless they try and open a web browser first – which is probably not something I’d expect them to do.  With this solution, you could still ensure that nobody is accessing the internet at large without accepting your terms – but they could access your website as well as our application’s functionality  seamlessly."

Can we setup whitelist or something like that on WLC? If yes, how?

I have this problem too.
0 votes
Correct Answer by Scott Fella about 1 year 8 months ago

Mostly used for externam webauth requirements.

Create a Preauthentication ACL

When using an external web server for web authentication, some of the WLC platforms need a pre-authentication ACL for the external web server (the Cisco 5500 Series Controller, a Cisco 2100 Series Controller ,Cisco 2000 series and the controller network module). For the other WLC platforms the pre-authentication ACL is not mandatory.

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (1 ratings)
Scott Fella Fri, 07/13/2012 - 19:37

It should work... Keep us posted.

Sent from Cisco Technical Support iPhone App

blin@chicagobot... Mon, 07/16/2012 - 12:34

Hi Scott,

I follow the link to create Access Control LISts (you can find my step by step setup on this page: Configure Access Control Lists on Cisco WLC: http://www.howtocisco.com/cisco/wireless/wlan31.htm ). I thought this is the solution, but it doesn’t work. The picture doesn’t show up. I also try this. When the web auth popup, I discard it and just type the website I set in the Access Control list, but it swicth back to the web auth page. What could be the problem?

Scott Fella Tue, 08/07/2012 - 04:22

I thought it might work, but I guess the wlc will not present another web page other than the web page to login. I don't think there is a way around that.

Sent from Cisco Technical Support iPhone App

Correct Answer
Scott Fella Tue, 08/07/2012 - 06:41

Mostly used for externam webauth requirements.

Create a Preauthentication ACL

When using an external web server for web authentication, some of the WLC platforms need a pre-authentication ACL for the external web server (the Cisco 5500 Series Controller, a Cisco 2100 Series Controller ,Cisco 2000 series and the controller network module). For the other WLC platforms the pre-authentication ACL is not mandatory.

Actions

Login or Register to take actions

This Discussion

Posted July 13, 2012 at 5:39 PM
Stats:
Replies:9 Avg. Rating:5
Views:716 Votes:0
Shares:0
Tags: wlc, setup, can, we, whitelist
+

Related Content

Discussions Leaderboard