I am testing out a wireless mesh design and am using a 4402 WLC with a handful of 1510 APs.
I have a number of vlans and IAS authentication configured and all is working well.
The issue I have is with a public access wlan. I have the wlan/vlan configured correctly, DHCP works fine and devices can forward traffic ok. The wlan is set up with no encryption or authentication currently as we want to use the web authentication feature.
I can get the client devices to redirect to the Web Authentication page ok but authentication with the defined IAS radius server fails.
Having had a look in the event viewer of the IAS server it appears to be failing because the NAS-PORT-TYPE is undefined.
So either the 4400 is not sending the NAS type or the IAS is not understanding it.
RADIUS on all the other vlans works perfectly so I can't see why the NAS type is not being provided with web authentication.
Can anyone shed any light on the possible/probable causes?
You are saying the WLAN is setup without any encryption and authentication. Then the guest should be able to browse the web transparently. What NAS log says doesn't matter.
I guess you are using some form of user id and password security on the guest page though - is that correct? If that is correct then you should define this authentication type on RADIUS otherwise it won't be able to process guest's request.
The guest/public vlan is open, but the WLC 4400 has a web authentication feature which operates independently of any wireless authentication methods.
It intercepts http traffic from the client and redirects it to either a built in web authentication page, or an external custom page. In either case, the user is prompted for a username and password. This is then checked against a RADIUS server and authenticated before the user is allowed anywhere else.
The issue is with the remote access policy in IAS. You have to have a separate policy for webauth. You should have the NAS-PORT-Type as wireless and specify the NAS-IP-Address with the WLC management IP address. On the WLC general tab, make sure ppp is configured.
In IAS, the Authentication tab, PAP SAP should be the only thing checked. In the advanced tab, service type is login and framed-protocol is ppp.
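
An added example, not part of the thread or any poster's code: a small Python parser for a captured RADIUS Access-Request that reports which of the policy conditions discussed above (NAS-Port-Type, NAS-IP-Address) the request fails to meet. The sample packets and the address 192.0.2.10 are constructed, and the function names are hypothetical.

```python
import ipaddress
import struct

# RFC 2865 attribute numbers used by the policy conditions in this thread
USER_NAME, NAS_IP_ADDRESS, NAS_PORT_TYPE = 1, 4, 61
WIRELESS_802_11 = 19  # NAS-Port-Type value "Wireless - IEEE 802.11"

def parse_access_request(packet: bytes) -> dict:
    """Return {attribute_type: raw_value} for a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute %d" % a_type)
        attrs.setdefault(a_type, packet[pos + 2:pos + a_len])  # keep first
        pos += a_len
    return attrs

def policy_mismatches(attrs: dict, wlc_ip: str) -> list:
    """List the policy conditions this request does not satisfy."""
    problems = []
    port_type = attrs.get(NAS_PORT_TYPE)
    if port_type is None:
        problems.append("NAS-Port-Type missing")
    elif int.from_bytes(port_type, "big") != WIRELESS_802_11:
        problems.append("NAS-Port-Type is not Wireless - IEEE 802.11")
    nas_ip = attrs.get(NAS_IP_ADDRESS)
    if nas_ip is None or len(nas_ip) != 4:
        problems.append("NAS-IP-Address missing or malformed")
    elif ipaddress.IPv4Address(nas_ip) != ipaddress.IPv4Address(wlc_ip):
        problems.append("NAS-IP-Address is not the WLC management address")
    return problems

def build_request(attrs: list) -> bytes:
    """Build a constructed sample Access-Request (zeroed authenticator)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body

# Constructed samples; 192.0.2.10 stands in for the WLC management address.
WLC = ipaddress.IPv4Address("192.0.2.10").packed
WEBAUTH_REQ = build_request([(USER_NAME, b"guest"), (NAS_IP_ADDRESS, WLC)])
DOT1X_REQ = build_request([(USER_NAME, b"staff"), (NAS_IP_ADDRESS, WLC),
                           (NAS_PORT_TYPE, struct.pack("!I", WIRELESS_802_11))])
```

Feeding it the UDP payload of a request captured on the IAS server shows whether the attribute is absent on the wire or present but not matched by the policy.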