Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

WLC 4400/Web Authentication and proxy autodiscovery

We have a guest-SSID where people authenticate via the build in web authentication and RADIUS.

We use proxy autodiscovery (WPAD, DHCP option 252) in our network and this works on the guest-SSID, but only after the authenticated user closes and opens Internet Explorer. It seems that restarting Internet Explorer triggers the WPAD discovery process.

My question is if there is a smarter way to push proxy settings to guest users without user invention? How did you solve this?

Regards,

Rutger

6 REPLIES
Bronze

Re: WLC 4400/Web Authentication and proxy autodiscovery

Does the WLC pose any message at its console while the IE browser window is reopened and the porxy discovery worked??.

Enable debug output on the controller and send me the capture you find. I will trace it for clear understanding of the root cause.

New Member

Re: WLC 4400/Web Authentication and proxy autodiscovery

Hello,

What do you suggest we debug on?

Rutger

Re: WLC 4400/Web Authentication and proxy autodiscovery

The reason you need to restart IE is because the WLC will be blocking the initial discovery messages from IE to Proxy because the user won't have authenticated yet. When the user authenticates, closing / opening IE triggers the discovery messages thruogh, which are now allowed to pass to the proxy.

The most fool-proof way I've come across is to use Transparent URL Redicection. This is something you can setup on a PIX / ASA, but requires a compatible WebProxy / WebFilter - I've used WebSense, but I believe other products should work too.

Lots of documentation about how to achieve this via CCO.

Regards,

Richard

New Member

Re: WLC 4400/Web Authentication and proxy autodiscovery

Hi,

I am planning deploying something similar to you. (I have just posted a question based on this!!!). The behaviour you are experiencing is how I would expect WPAD to work. WPAD occurs when the browser opens however it is blocked until authentication has occured. Open a second browser after you authenticated means that the WPAD message is passed through the WLAN controller. Do you use the integrated web authentication or do you use an external web-server. My thoughts are that the external webserver could open a second web-browser once the 'logon' button has been pressed.

Regards

Marcus

New Member

Re: WLC 4400/Web Authentication and proxy autodiscovery

Hello,

We are using the integrated authentication web. I was able to solve this problem by using the DHCP WPAD discovery method where the WPAD-URL is sent in the DHCP-reply. This information is then already in place before the web authentication occurs.

Are you familiar with that? Otherwise I'll be glad to post the configuration here.

Rutger

New Member

Re: WLC 4400/Web Authentication and proxy autodiscovery

Hi Rutger,

Thanks. I am not familiar with this so would be grateful for the configuration.

Cheers

Marcus

1032
Views
0
Helpful
6
Replies