Cisco Support Community
New Member

2504 Web-Auth Passthrough with External Redirect

Everyone,

I have a Cisco 2504 running 7.0.220.0. I am trying to configure Web Auth for External Redirect, Passthrough. I have a page created on an external web server that was taken from the Web Auth Bundle and modified. It is a simple "accept" or "reject" on a Terms and Conditions page. I have a Pre-Auth ACL configured to only allow communication to the server the T&C page resides on.

When I connect to the SSID, the page redirects to the external URL and the URL shows up in the browser window with all the variable data as a GET on the URL line, but the page never loads. It just hangs. I can copy the URL data, paste that in once I am on-net, and the page loads just fine.

So, something is happening when the WLC is attempting to proxy-redirect the page back to the client. Not sure what it is exactly, any help is appreciated!

7 REPLIES
Hall of Fame Super Silver

Re: 2504 Web-Auth Passthrough with External Redirect

Try to start simple first. Take off the pre-auth ACL. Does the guest network work if you do not do any type of webauth, just open authentication? If guest works fine, redirect to the external web server and see if that works. The main thing is to make sure the scripts are still part of the HTML code. You want to see if the HTML code is the one that breaks it, or maybe it's the ACL or connectivity.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: 2504 Web-Auth Passthrough with External Redirect

If I remove the pre-auth ACL the redirect goes into a terminal loop.

If I take Web-Auth off it works just fine

I can use Web-Auth with Passthrough on a local page and it also works just fine.

It seems specific to the way I am setting up the external url.

Re: 2504 Web-Auth Passthrough with External Redirect

Can you show us the pre-auth ACL?

HTH, Steve
Please remember to rate useful posts, and mark questions as answered
Hall of Fame Super Silver

Re: 2504 Web-Auth Passthrough with External Redirect

Take a look at this doc, shows the pre-auth acl.

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008076f974.shtml#c2

-Scott
*** Please rate helpful posts ***
New Member

Re: 2504 Web-Auth Passthrough with External Redirect

    Seq#  Action  Source IP/Mask                    Destination IP/Mask               Protocol  Source Port  Dest Port  DSCP  Direction  Number of Hits
    1     Permit  10.43.0.0 / 255.255.0.0           216.115.84.140 / 255.255.255.255  TCP       Any          Any        Any   Inbound    76
    2     Permit  216.115.84.140 / 255.255.255.255  10.43.0.0 / 255.255.0.0           TCP       Any          Any        Any   Outbound   20
    3     Deny    0.0.0.0 / 0.0.0.0                 0.0.0.0 / 0.0.0.0                 Any       Any          Any        Any   Any        11149

Bronze

Re: 2504 Web-Auth Passthrough with External Redirect

The pre-auth ACL looks fine. I would presume your wireless clients are on the 10.43.0.0/16 network which you have permitted all TCP communication "in" to the WLC for traffic destined to your web server 216.115.84.140, and you have permitted your web server for any TCP communication "out" to the clients 10.43.0.0/16 from the WLC.

I would "highly" suggest starting over with your bundle. Since you can get redirected to the page (although it sounds like you have to re-submit the page using the URL?), your ACL is probably functioning correctly, but the page is not working properly. Take the default "external web passthrough" login.tar file. This would be the "original" login.tar located in the "wapext" folder of the webauth_bundle, completely unedited (as horrible as it looks, I know) and use that on the external web server. Test and see if you are still having problems. I would do this "first" before anything else, such as tweaking configs or altering the problematic page.

Also, be sure that in the controller webauth config settings, the "external url" is a direct path to the "login.html" file. For instance, yours "may" look like this if the login.html is located in the root of your web server.

http://216.115.84.140/login.html
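
A way to check which flows the posted pre-auth ACL explicitly permits, as an added example that is not part of the thread or of Cisco's tooling. It assumes rules are evaluated in sequence order with the first match winning, models only the three explicit rules (no implicit controller behaviour), and uses a constructed client address (10.43.7.25) and a constructed third-party host (192.0.2.10).

```python
import ipaddress

# The three rules as posted: (seq, action, source, destination, protocol, direction).
# Source/dest ports and DSCP are "Any" in every rule, so they are not modelled.
RULES = [
    (1, "Permit", "10.43.0.0/255.255.0.0", "216.115.84.140/255.255.255.255", "TCP", "Inbound"),
    (2, "Permit", "216.115.84.140/255.255.255.255", "10.43.0.0/255.255.0.0", "TCP", "Outbound"),
    (3, "Deny", "0.0.0.0/0.0.0.0", "0.0.0.0/0.0.0.0", "Any", "Any"),
]

def _in_net(addr, net):
    """True if addr falls inside net (given in address/netmask form)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(src, dst, proto, direction):
    """Return (seq, action) of the first rule that matches the packet.

    Assumption: first match wins, in sequence order.
    """
    for seq, action, r_src, r_dst, r_proto, r_dir in RULES:
        if (_in_net(src, r_src) and _in_net(dst, r_dst)
                and r_proto in ("Any", proto)
                and r_dir in ("Any", direction)):
            return seq, action
    return None, "Deny"  # nothing matched; treated as denied (assumption)

# Constructed sample values, not taken from the thread.
CLIENT = "10.43.7.25"   # any host in 10.43.0.0/16
WEB = "216.115.84.140"  # the T&C web server named in the ACL
OTHER = "192.0.2.10"    # stand-in for any host other than the web server

FLOWS = [
    ("client -> web server, TCP", CLIENT, WEB, "TCP", "Inbound"),
    ("web server -> client, TCP", WEB, CLIENT, "TCP", "Outbound"),
    ("client -> other host, TCP", CLIENT, OTHER, "TCP", "Inbound"),
    ("client -> web server, UDP", CLIENT, WEB, "UDP", "Inbound"),
]

def report():
    """Evaluate every constructed flow and return (label, seq, action) rows."""
    return [(label, *evaluate(s, d, p, direction)) for label, s, d, p, direction in FLOWS]

if __name__ == "__main__":
    for label, seq, action in report():
        print(f"{label:28} rule {seq}: {action}")
```

Under these rules, only TCP between the client subnet and 216.115.84.140 is explicitly permitted; a client connection to any other host, or non-TCP traffic to the web server, lands on rule 3.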
