Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Secure Web Authentication on WLC

Hi, I’m not finding any secure method to authenticate users through web portal in the WLC with a backbend database.

-          We have the option of using radius, but in this case WLC can only use CHAP or PAP, but they are not secure access methods. I could use Ipsec in the radius access but to allow CHAP access I have to enable reversible passwords in the Active Directory which is not a secure method to store passwords. So I cannot use radius

-          I could use LDAP, but WLC doesn’t support LDAP over SSL, so it transmits passwords in clear text and there is no option to make an ipsec connection between WLC and LDAP server. So I cannot use LDAP

Any help? Is there any secure method to authenticate web users?

Thanks

Everyone's tags (3)
10 REPLIES
New Member

Re: Secure Web Authentication on WLC

...

Re: Secure Web Authentication on WLC

I still have the same question,  currently I have a WLC 5508 with ACS5.0, we would like to use the web authentication with backend database(windows AD) in a secure way. How could I achieve this? Thanks.

New Member

Re: Secure Web Authentication on WLC

It would be so easy as allow MSCHAPv2 in Radius or LDAP over SSL. I don't know why a device as secure and new as WLC 5508 doesn't allow that

I have an opencase with TAC.

New Member

Re: Secure Web Authentication on WLC

Hi,

What was the outcome?


Cheers,

New Member

Re: Secure Web Authentication on WLC

They say I need

to open a PER (Product Enhancement Request) , this is done

Via your Account Team.  I will try to do it, but it seems a very long path


New Member

Re: Secure Web Authentication on WLC

Hi, how are you?.

I am using web authentication and want to know if some form exists to protect to the internal portal(https://1.1.1.1/login.html).  This question is in case some person from Internet does make attack DoS to this page.

Thanks a lot.

Andres.

New Member

Re: Secure Web Authentication on WLC

The 1.1.1.1 IP shouldn't be routed on your network and thus wouldn't be vulnerable to a DoS attack.

New Member

Re: Secure Web Authentication on WLC

Hi. thanks  a lot for your answer.

I have a little question:

If I connect to SSID GUEST(web authentication), and write in browser https://1.1.1.1/login.html  opens the internal portal of the WLC.  Then this IP is  not routed?.

Thanks a lot.

Andres.

New Member

Re: Secure Web Authentication on WLC

Correct. It is not routed. The user only sees that page before they are

fully authenticated. No one else can get to that IP unless you¹re routing

1.1.1.1 on your network, which you probable aren¹t.

On 8/31/10 3:37 PM, "andres.lorat"

New Member

Re: Secure Web Authentication on WLC

Very thanks for your explanation.

Thanks a lot.

Andres.

1616
Views
0
Helpful
10
Replies
CreatePlease to create content