Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

CSCug29680 - have to define svi int for vlans to make any webauth redirect work

Anyone been affected by this bug?

i think i have for a customer of mine, very straighforward requirement for an SME Customer:

3 x Cisco 3850 stack acting as MC/MA (latest 3.3.1 IOS-XE Bundle), no second controller for Guest (typical low cost solution), wanted to use L3 WebAuth, have configured correctly i believe (see further below)

IP routing enabled as some inter-vlan routing required, however Guest VLAN no SVI defined as want it going through the Firewall for segregation

No redirect, can't even access virtual-ip e.g.


aaa new-model

aaa authentication login local_webauth local

aaa authorization network local_webauth local

aaa authorization credential-download default local

        aaa authorization network default local

parameter-map type webauth global

   virtual-ip ipv4

parameter-map type webauth guest

   type webauth


wlan guest 3 guest

     client vlan 50

     no security wpa

     no security wpa akm dot1x

     no security wpa wpa2

     no security wpa wpa2 ciphers aes

     security web-auth 

     security web-auth authentication-list local_webauth

     security web-auth parameter-map guest

     session-timeout 1800

  ip http server

  ip http secure-server


Everyone's tags (6)
New Member

I'm also running into this

I'm also running into this bug on 3.3.3SE. Did you ever get this resolved? I suspect Cisco might be loaning me an anchor controller until this is resolved.