Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
808
Views
0
Helpful
1
Replies

Web-auth slow MAC-OS

fabianwickman
Level 1
Level 1

‎11-27-2015 07:25 AM - edited ‎07-05-2021 04:18 AM

Hi all,

We are running web-auth on a cisco 550 WLC. The login page is located locally on the WLC.

As we all know, apple devices have a feature where it senses if it is connected to the internet when it connects, if not it sends a http-get that will open the web-auth-login page automatically.

This feature was not working very well for iOS-devices, because our login-page dissapeared before you could finish typing your credentials.

So we enabled the "config network web-auth captive-bypass" to force the iOS user to open a browser to be redirected to the login-page. This all worked fine...

However, on a MAC-OS-device, which worked fine before, now takes extremely long time to be redirected, and sometimes not redirected at all.

Here is a debug web-auth on a MAC-OS-device:

*emWeb: Nov 27 14:07:45.373: SSL Connection created for MAC:b8:e8:56:11:b1:4a

*emWeb: Nov 27 14:07:45.503:
                             ewaURLHook: Entering:url=/, virtIp = 1.1.1.1, ssl_connection=1, secureweb=1

*emWeb: Nov 27 14:07:45.503: Replaced url / with  /login.html

*emWeb: Nov 27 14:07:45.503:
                             ewaProcessWebAuthRedirectFlag: Calling getUrl_https_redirect redirect flag 1

*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Preparing redirect URL according to configured Web-Auth type
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- got the hostName  for virtual IP(portal.wireless.malmo.se)
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Checking custom-web config for WLAN ID:1
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Global status is disabled, checking on WLAN web-auth type
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Web-auth type Customized, using URL:https://portal.wireless.malmo.se/fs/customwebauth/login.html
*emWeb: Nov 27 14:07:45.503: b8:e8:56:11:b1:4a- Added switch_url, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html
*emWeb: Nov 27 14:07:45.504: b8:e8:56:11:b1:4a- Added ap_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52
*emWeb: Nov 27 14:07:45.504: b8:e8:56:11:b1:4a- Added client_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:8
*emWeb: Nov 27 14:07:45.504: b8:e8:56:11:b1:4a- Added wlan, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea
*emWeb: Nov 27 14:07:45.504:
                             ewaProcessWebAuthRedirectFlag: getUrl_https_redirect Succeeded

*emWeb: Nov 27 14:07:50.113: SSL Connection created for MAC:b8:e8:56:11:b1:4a

*emWeb: Nov 27 14:07:50.127: SSL Connection created for MAC:b8:e8:56:11:b1:4a

*webauthRedirect: Nov 27 14:07:50.616: b8:e8:56:11:b1:4a- received connection. client socket = 109

*webauthRedirect: Nov 27 14:07:50.617: b8:e8:56:11:b1:4a- trying to read on socket 109

*webauthRedirect: Nov 27 14:07:50.617: b8:e8:56:11:b1:4a- calling parser with bytes = 186

*webauthRedirect: Nov 27 14:07:50.617: b8:e8:56:11:b1:4a- bytes parsed = 186
*webauthRedirect: Nov 27 14:07:50.617: captive-bypass detection enabled, checking for wispr in HTTP GET, client mac=b8:e8:56:11:b1:4a
*webauthRedirect: Nov 27 14:07:50.617: captiveNetworkMode enabled, mac=b8:e8:56:11:b1:4a user_agent = Mac OS X/10.10.2 (14C109)
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Preparing redirect URL according to configured Web-Auth type
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- got the hostName  for virtual IP(portal.wireless.malmo.se)
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Checking custom-web config for WLAN ID:1
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Global status is disabled, checking on WLAN web-auth type
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Web-auth type Customized, using URL:https://portal.wireless.malmo.se/fs/customwebauth/login.html
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added switch_url, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added ap_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added client_mac , redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:8
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Added wlan, redirect URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- http_response_msg_body1 is <HTML><HEAD><TITLE> Web Authentication Redirect</TITLE><META http-equiv="Cache-control" content="no-cache"><META http-equiv="Pragma" content="
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a-  parser host is init-p01st.push.apple.com
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- parser path is /bag
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- added redirect=, URL is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea:80&
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- str1 is now https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_mac=1c:1d:86:52:ea:80&client_mac=b8:e8
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- clen string is Content-Length: 487


*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- Message to be sent is
                                                                                HTTP/1.1 200 OK
Location: https://portal.wireless.malmo.se/fs/customwebauth/login.html?switch_url=https://portal.wireless.malmo.se/login.html&ap_
*webauthRedirect: Nov 27 14:07:50.618: b8:e8:56:11:b1:4a- send data length=798
*webauthRedirect: Nov 27 14:07:50.619: b8:e8:56:11:b1:4a- Web-auth type External, but unable to get PerProfile URL
*webauthRedirect: Nov 27 14:07:50.619: b8:e8:56:11:b1:4a- cleaning up after send

*webauthRedirect: Nov 27 14:07:50.619: 1476 - b8:e8:56:11:b1:4a- closing socket= 109

Any ideas?

Labels:
0 Helpful
1 Reply 1

Scott Fella
Hall of Fame
Hall of Fame

‎11-27-2015 09:09 AM

Are you saying that is was working fine for a while and all of a sudden its not?

So we enabled the "config network web-auth captive-bypass" to force the iOS user to open a browser to be redirected to the login-page. This all worked fine...

However, on a MAC-OS-device, which worked fine before, now takes extremely long time to be redirected, and sometimes not redirected at all.

post your show version and show wlan <wlan id>

Just to add, Apple users are use to having the device open a browser and this might cause issues with end users.  Even on Windows 10, that opens a browser automatically.  If disabling the bypass fixes the issue, then I would suggest you disable that and allow the OS to do what it's suppose to do. 

-Scott

-Scott
*** Please rate helpful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card