Bypass guest webauth for Blackberry Service

kev-matthews
Level 1

Hi Folks, Our wireless deployment has two wireless networks - one with 802.1x auth for corporate machines and the other is an open one with internet access for guests (but with a web auth page).

What I'd like to do is allow staff to connect their Blackberry handsets to the guest (open) wireless network to collect email from the Blackberry Enterprise Server (it's a lot easier than configuring 802.1x and getting users to roll their passwords each time). I think I can work around this with a pre-authentication ACL to bypass the webauth page for access to the Blackberry Enterprise Server, but I'm a bit confused over the direction of the access list entries. If I added an access list to the WLC which looks like the below - would that work or is the directionality wrong?

The example for the external webauth server I saw had the directionality the other way around.

| Action | Source IP/Mask | Destination IP/Mask | Protocol | Source Port | Dest Port | DSCP | Direction |
|---|---|---|---|---|---|---|---|
| Permit | 0.0.0.0 / 0.0.0.0 | [the ip of my BES] / 255.255.255.255 | IP | Any | Any | Any | Outbound |
| Permit | [the ip of my BES] / 255.255.255.255 | 0.0.0.0 / 0.0.0.0 | IP | Any | Any | Any | Inbound |

Any advice that you can provide would be great

Thanks in advance

Kev

Accepted Solutions

Nicolas Darchis
Cisco Employee

Never underestimate the help menu ;-)

Direction

Any, Inbound (from client), or Outbound (to client).

I think that this description is straightforward.

But you will probably notice that your blackberries are disconnected every 3 minutes from your SSID. I don't know if this is something they can tolerate.

Pre-auth ACL is made to give access to some resources needed to authenticate on the web login page. Not to bypass it completely. So the WLC is kicking out clients that have been connected for 3 minutes on the Webauth SSID but not authenticated on the web page ...

Nicolas

===

don't forget to rate answers that you find useful
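
The direction definitions quoted in the answer above, applied to the two rules from the question. This is an added example, not part of either poster's message and not Cisco code. The addresses are constructed documentation-range placeholders, and first-match evaluation with an implicit deny is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass

BES = "192.0.2.10"        # constructed placeholder for the BES address
CLIENT = "198.51.100.25"  # constructed guest-WLAN client address

@dataclass
class Rule:
    action: str
    src: str        # "ip/mask", subnet-mask notation as in the question's table
    dst: str
    direction: str  # "inbound" (from client), "outbound" (to client) or "any"

def _match(addr: str, spec: str) -> bool:
    """True when addr falls inside the ip/mask pair given in spec."""
    net, mask = (int(ipaddress.ip_address(p.strip())) for p in spec.split("/"))
    return int(ipaddress.ip_address(addr)) & mask == net & mask

def evaluate(rules, src, dst, direction) -> str:
    """Return the action of the first matching rule; no match means deny."""
    for r in rules:
        if (r.direction in ("any", direction)
                and _match(src, r.src) and _match(dst, r.dst)):
            return r.action
    return "deny"  # assumption of this model: implicit deny at the end

def bes_reachable(rules) -> bool:
    """Both halves of a client <-> BES conversation must be permitted."""
    up = evaluate(rules, CLIENT, BES, "inbound")     # sent by the client
    down = evaluate(rules, BES, CLIENT, "outbound")  # delivered to the client
    return up == "permit" and down == "permit"

ANY = "0.0.0.0/0.0.0.0"
HOST = f"{BES}/255.255.255.255"

# The two rules exactly as posted in the question.
AS_POSTED = [Rule("permit", ANY, HOST, "outbound"),
             Rule("permit", HOST, ANY, "inbound")]

# Same rules with the directions swapped to follow the help text.
CORRECTED = [Rule("permit", ANY, HOST, "inbound"),
             Rule("permit", HOST, ANY, "outbound")]

if __name__ == "__main__":
    print("as posted:", bes_reachable(AS_POSTED))
    print("corrected:", bes_reachable(CORRECTED))
```

Passing the pre-auth ACL only covers reachability; it does not change the disconnect of unauthenticated clients described in the answer.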

Thanks Nicolas,

My help file doesn't show this information as far as I can see, but thank you for posting this as it's most useful - it seems to work the opposite way around from what I expected...

I think we'll have to see how it goes for the bypass as really it's just to pull email - no other functionality is required at this time, if we find that it's a problem, then we'll need to look at putting them onto the corporate one.

Kev
