Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
0
Helpful
4
Replies

Web-auth on two SSIDs with AD

jain.nitin
Level 3
Level 3

‎05-13-2009 06:23 AM - edited ‎07-03-2021 05:35 PM

Hi All, Is there any possiblity two configure web-auth for Two SSIDs. one SSID which is for guest will use WLC local database for authenticating over web-auth. While other ssid for corporate users will use web-auth but web-auth will be integrated to AD to provide authentication for corporate users over web-auth.

Means there will be two ssid with web-auth. but for one ssid web-auth will use AD as backend- database for other ssid Web-auth will used loca wlc database.

Please let me know if it possible or no?

Labels:
0 Helpful
4 Replies 4

Robert.N.Barrett_2
Level 4
Level 4

‎05-13-2009 07:01 AM

I can't answer your question directly, but was wondering why you need to (or want to) use web auth for your corporate users?

For your corporate users, have you considered using PEAP with WPA2/AES (or WPA/TKIP) on your wireless clients and authenticate the users against AD using Cisco ACS or Windows IAS? Since you already have AD servers, you already have licenses to run IAS without paying additional fees. If your AD controllers are decent (not super-beefy, but decent), they should work just fine for IAS.

0 Helpful

jain.nitin
Level 3
Level 3
In response to Robert.N.Barrett_2

‎05-13-2009 07:19 AM

thanks for your reply. Its customer requirement. customer does not have ACS & they dont want to run IAS.

So no option to do this. other manual configu the dont want like wep, WPA-PSK

Thanks

0 Helpful

Robert.N.Barrett_2
Level 4
Level 4
In response to jain.nitin

‎05-13-2009 12:16 PM

Sorry to hear that, but they really really really need to use something like WPA2/PSK with the web auth. If they just use web auth, all wireless traffic will be unencrypted and easily captured over the air with simple tools.

0 Helpful

Robert.N.Barrett_2
Level 4
Level 4

‎05-13-2009 12:26 PM

I think I can answer your other question, now.

You will want to define a "global" web auth setting that will be used for the Guest network (go to Security -> Web Auth -> Web Login Page.

For the private network, you will override the global web auth setting with a local setting (WLAN -> choose your SSID -> Go to Layer 3 tab, Enable "Web Policy", Select "Authentication", Check the "Enable" box for Over-ride global config and set your web auth type of "External (redirect)".

You will likely have a lot of fun writing the code that runs on the external web server. I can't help you with that one. You might want to search the Cisco docs for a custom re-direct web auth guide.

You could also easily do the reverse: define a custom re-direct at the global level and over-ridge the global setting with a web auth for the guest network.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card