Re: LWAPP Controller 4400 - Web Auth Problem

nhaits · ‎02-07-2006

I have setup a lwapp system with about 6 AP's. Everything works great but on one of the WLAN's I have Web Authentication setup. For some reason, I cannot get this to work. I have tried every setting possible, played with the virtual interface but I can't get wireless clients to get the proxy page. As soon as I turn it on they get nothing.

fergusoni · ‎02-08-2006

Hi

Can you ensure that your wireless clients have correct local DNS entries before they try and autheticate to Controller. If no DNS, it wont work. The controller will then intercept the web request and you will be re-directed to virtual address to authenticate. You can also try browsing to the virtual address to see if you get the authentication page.

nhaits · ‎02-10-2006

I have a DNS server available, but it is on the other side of the controller (not the wireless side). The strange thing is that it works sometimes and then it seems to quit.

Darren Ramsey · ‎02-10-2006

CSCsb83130 The notes indicate this is only on the 2006, but I have seen it on the 4400 too.

jcornford · ‎02-17-2006

I've seen this problem on a 4100 too! I've had it working on other types of controllers. I'll make a note of the 2006 bug and do some more testing when I can get at the controller in question. I have a Cisco TAC case logged for the issue and they've suggested running some debugs, but I haven't had a chance yet. If I progess anything I'll post the fix on this thread.

Darren Ramsey · ‎02-17-2006

CSCsc68105 web auth bug for the 4400

bhbachman · ‎02-13-2006

Have you verified that on all your 4400 controllers you have the virtual interface set to the same address? That caught me a year or so ago.

I have had issues getting it to work consistently from time to time. But it is usually a setting I missed.

c-tai · ‎02-22-2006

Hi, can multiple controllers in the same group have the same virtual interface IP address? (ie. 1.1.1.1)?

drees · ‎06-08-2006

Nope. You need to use something like 1.1.1.1 for the first, 1.1.1.2 for the second and so on.

HTH.

netmasque · ‎06-15-2006

According to Cisco/AIrespace engineers, you MUST use the same virtual address. Do NOT increment them if they are in the same mobility group.

If they aren't in the same mobility group, it also has no affect.. So, 1.1.1.1 should be used as virtual interface on all controllers from every case I've seen so far.

Their documentation is misleading on this interface, to say the least.

Stephen Rodriguez · ‎06-08-2006

Yes, they can. and this is necessary for mobility groups to work properly.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Dmitry Halavin · ‎06-17-2006

Numerous issues with webauth have been fixed in 3.2.150.6, please try this version.