Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Wireless 3850 and Web-Auth for Wireless clients

Hi

I can't get the web-auth feature to work properly on the Catalyst 3850 for wireless clients.

Internet is all tested and there is full IP connectivity.

Issue is when I enable the webauth feature on the SSID. Incidentally when I enable the SSID to use consent it works.

I am using local authentication for the guest users.

When user logs onto the wireless, they get to the landing page, and are able to enter the credentials then there is a 30 second pause. The client detail says WEBAUTH_PEND and then a pop up window comes back as seen below

Config below

interface Vlan302

description **** Wireless Guest ****

ip address 10.145.224.161 255.255.255.224

ip helper-address 10.144.214.134

ip helper-address 172.17.2.56

!

ip http server

ip http secure server

ip dhcp snooping

!

wlan XXXXX 2 XXXXXX

aaa-override

accounting-list default

client vlan 302

ip flow monitor wireless-avc-basic input

ip flow monitor wireless-avc-basic output

no security wpa

no security wpa akm dot1x

no security wpa wpa2

no security wpa wpa2 ciphers aes

security dot1x authentication-list WEB_AUTH

security ft

security web-auth

security web-auth authentication-list WEB_AUTH

security web-auth parameter-map vit_web

no shutdown

!

parameter-map type webauth vit_web

type webauth

security web-auth parameter-map vit_web

!

user-name Guest1

creation-time 1390837878

privilege 15

password 7 022D0156060F1B351D

type network-user description Temp-Guest-User guest-user lifetime year 0 month 1 day 0 hour 0 minute 0 second 0

user-name Guest2

creation-time 1390838016

privilege 15

password 7 0724244143000D1145

type network-user description Temp-Guest-User guest-user lifetime year 0 month 1 day 0 hour 0 minute 0 second 0

!

aaa new-model

!

aaa authentication login WEB_AUTH local

aaa authorization network WEB_AUTH local

4 REPLIES
VIP Purple

Wireless 3850 and Web-Auth for Wireless clients

Hi Greg,

These post should helps you

1. https://supportforums.cisco.com/docs/DOC-34454

2. https://supportforums.cisco.com/docs/DOC-34455

3. 5760/3850 Web Passthrough Configuration Example

HTH

Rasika

**** Pls rate alll useful responses ****

New Member

Wireless 3850 and Web-Auth for Wireless clients

Hi

Thanks for the references, but I am still unable to get this working with local Web-Authentication.

I can get this working when I select "consent" in the authentication parameter map but when I enable the Web-Auth feature this fails everytime.

I have been through these documents several times and the configruations I have are identical.

Regards

New Member

Wireless 3850 and Web-Auth for Wireless clients

Hey Greg,

Did you also define the global webauth parameter? I think I had to do this to get my 5760 "working" or as working as these new controllers can be.

parameter-map type webauth global

type webauth

virtual-ip ipv4 x.x.x.x wlc.whatever.org

max-http-conns 50

!

Also I had to enable http server in addition to secure server

ip http server

ip http secure-server

Are you using a self signed cert?

I saw windows clients take a long time to load the page when using a self signed cert.

MAC clients dont seem to work if you use the IOS or OSX based logon. You'll need to disable the auto logon and launch a browser for the redirect. There was a bug ID around this MAC problem which was supposedly resolved in 3.3.1SE  but I still have the problem.

-Kyle

New Member

Wireless 3850 and Web-Auth for Wireless clients

Change

aaa authorization network WEB_AUTH local

to:

aaa authorization network default local

976
Views
0
Helpful
4
Replies