Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Web auth not working on new controllers

We are currently experiencing a problem with web auth on one of our sites. This uses WiSM2 controllers running version 7.2.110.0 of the software.

The affected SSID is set up for web auth exactly the same way as our other site and that works (although that uses WiSMs running 7.0.230.0).

Both sites use the same web auth bundle and the same certificate. We have a DNS entry that points back to the virtual interface IP they all use which is 1.1.1.1.

When users connect to the SSID they are not being presented with the login page. Running a preview on the controller at the problem sites shows the correct page that should be being displayed.

The controllers have had the certificate re-applied, the web auth bundle reloaded on and have been upgraded from 7.2.103.0 to 7.2.110.0 but none of these have resolved the issue. All other SSIDs work fine, but this is the only one that uses web auth.

As I say, the only configuration difference is the hardware (WiSM2 vs WiSM) and the software level.

Any suggestions?                

Everyone's tags (6)
4 REPLIES
Hall of Fame Super Silver

Re: Web auth not working on new controllers

When you mention that the login page does not open, that usually means that is a DNS issue. Make sure that you allow DNS from the guest subnet to the DNS server in which the FQDN of the certificate is being resolved.

Are you anchoring the guest ssid to an anchor controller? It would be the same troubleshooting, but make sure the anchor is configured correctly. The foreign wlc guest ssid needs to have a mobility anchor to the anchor wlc and the FW needs to allow DNS back in if your using an internal DNS server.

If you are not using an anchor wlc, the best way to test is to map the guest to another dynamic interface on the inside network that is working. If that works, your FW is blocking DNS on the guest subnet. You also can remove the FQDN (make sure it was entered correctly) from the VIP and test. If that fixes it, then DNS was not resolving the certificate FQDN.

Hope this helps

Sent from Cisco Technical Support iPad App

-Scott
*** Please rate helpful posts ***

Re: Web auth not working on new controllers

Look into this www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080a38c11.shtml

Sent from Cisco Technical Support iPad App

Rating useful replies is more useful than saying "Thank you"
Cisco Employee

Web auth not working on new controllers

If the above answers didn't fix the issue, try these.

to isolate bundle and cert issues.

Try internal page instead of web bundle.

Try http instead of https redirection.

there are some bugs for webauth between on 7.2, please open a TAC case.

#webauth doesn't work when 59+ dynamic interface used

#redirect to internal page instead of web bundle page

#need to enable http for wlc management if http webauth redirection is not working

New Member

Web auth not working on new controllers

Response from DNS i beleive not working.

Thanks.

714
Views
0
Helpful
4
Replies