Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest Access using Cisco NAC 3310 Guest Access Server

We currently purchase a Cisco 3310 in hopes of using it so people could self register themselves to get on a Guest Wifi. We initially roled it out with default lobby ambassodor but the help desk became overwhelmed. We are looking to have public users self register themselves to the Wifi.

Here is what i have.

I have got it to work where users are redirected to the NAC Guest Access server and successfully create a username password. There is an option in the User template on the NAC server for autologin. I also have that checked so the user can just click the submit button. When we click submit it says invalid username password. I know the WLAN is correctly configured because if i change the WLAN redirect page to the internal default i can login just fine with the credentials i just created.

So finally what is it i am missing. I am confused on how redirecting to the NAC server and the basic snippet of code Javascript will communicate back to the Wism controller since my browser is on the NAC???? TAC has been NO help in this at all. Any help is really appreciated.

5 REPLIES

Re: Guest Access using Cisco NAC 3310 Guest Access Server

New Member

Re: Guest Access using Cisco NAC 3310 Guest Access Server

Yes, we can get the sponsor to work no problem its the self registration/self service giving us fits.

Re: Guest Access using Cisco NAC 3310 Guest Access Server

Have you got this documentation with the HTML code:

http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_hotspots.html#wp1069385

Section: Adding Login Component for Wireless LAN Controllers and Customizing the Login Page.

New Member

Re: Guest Access using Cisco NAC 3310 Guest Access Server

Yes we have. So I have been really digging on this and when you go to a external webauth it still looks to send the username password back to the WLC. I have an internal doc from Cisco that say

"Login request is sent back to the action URL of the controller web server."

By default when setting up the WLC i used the 1.1.1.1 ip for the virtual interface. Currently 1.1.1.1 is not advertised in my network so how the heck would the NAC send the request back to it?? (Sorry thinking outloud). According to my understanding the switch_url is what its looking to send the credentials back too...Sooo should I modify my virtual IP to be something that is routable on my network?

If your lookin in the below URL which is what id get redirected too and after filling out my self service.

https://nac.guestwifi.com/sites/Guest/selfservice.html?switch_url=https://1.1.1.1/login.html&ap_mac=00:22:90:93:25:80&wlan=MAS&redirect=www.google.com/

The switch_url part is what send the post to would need to be reached via the nac. Right now 1.1.1.1 is not..

Thoughts?

Re: Guest Access using Cisco NAC 3310 Guest Access Server

I'm not sure if it uses the virtual port. We could do a tcpdump on the nac server and see from what ip the request comes.

If indeed it's 1.1.1.1, then let's change it to a routable IP and try.

I have personally not done such config in the past.

1272
Views
0
Helpful
5
Replies
CreatePlease login to create content