A WLC 4400 series with software release 3.2.78, and is configured to provide Web authentication to the wireless clientes. There are 2 WLANs defined, one for "guests" users and one for internal users. No local users defined on the WLC. The AAA process is done by a Radius by a Cisco Secure ACS release 3.3. There are configured 2 users groups in the ACS, "guests" and "users".
For the "guest" group WLAN was defined one collective account, lets name it "saga" with its correspondent password. And also are several individual user accounts defined for both users groups.
The Web authentication problem is with the collective guests account "saga", and is a problem that show up in a random fashion.
A guest wireless client is associated to the guest WLAN. In the screen appear the Web login page. The user has been assigned the collective guest account, so he/her type in the username "saga" and the correspondent password. Click on the submit button, and there's no access to the network. The screen shows again the Web login page. This happen every time that the username and password is typed in.
And the same occurrs simultaneously also for any other client trying to authenticate using the same collective account.
Some time this behavior is broke changing something in the username, lets say "SAGA" or "Saga" instead of "saga".
While this problem was going, a debug aaa details enable command was performed on the WLC.
When the collective "saga" user account and password was entered and submited, nothing appears in the debug output on the WLC!!!!
Using the same web login page and using any other user account, the access to the network is achieved without any problem and also a normal debug output on the WLC
Some things, as delete and redefine the "saga" account has been tried, but that strange behavior still show up time to time
Can you please attach complete "sh run" from WLC and also can you update when your user with saga username is not authenticated and you get the web auth page asking for password again what is the status of the client.
Is it something like WEB_AUTH required or DHCP_Required.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...
I have created a Powershell script to automatically add a Wireless Guest
User on Cisco WLCs. (tested on 2500 Series) The script should be
completely self explanatory. Prerequisites: Powershell SNMP Module
(Install-Module -Name SNMP) SNMP Write Access to y...