Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

A little bit about Web Authentication Possibilities

This is two Step Process: A, and then B.

A deals with Certificate issues.  (where we have to take care of Certificate Warnings)

B deals with WebPage     issues. (where we have to get the Web Page displayed for the Guests)

  ---------------------------------------------------

A : [ Should be able to resolve Certificate Warning Issue ]

  ---------------------------------------------------

"Even before the WebPage gets pulled up for the user, the WebSvr sends a certificate to the Client's WebBrowser"

If the Page is hosted within the Apache WebSvr,  inside the WLC, accessible via a non-routable   ip address.

                                                                                  (virtual)

{

1.In the DNS server, need to map the ip address of the virtual interface with the DNS hostname;

2.CN name in the CSR should be DNS Hostname;

3.From the CLI of a wireless client, nslookup <DNS Hostname> should be able to return the ip address of V If.

}

If the Page is hosted within the Web Server     outside the WLC, accessible via a routable       ip address

{

The Webserver of the external Page should be able to return the Certificate, which is recognizable by W/L clients

}

  ---------------------------------

B: [ If we do not want Authentication ]

  ---------------------------------

if [ Page (!with L-3 Authentication) &&  (Inside WLC)]

{

   Set Wlans->Layer3Security -> WebPassthrough; EXIT

}

if (Page !with L-3 Authentication && Outside WLC available at 1.2.3.4)

{

   Set Wlans->Layer3Security -> WebPassthrough;

URLofPageWithNoAuthentication                                          = "X.com"

URLofPageToGetRedirectedTowardsAfterSuccessfulLayer3OpenAuthentication = "Y.com"

  1.Set Wlans->Layer3Security to WebAuthentication

  2.Set Security->WebAuth->WebLoginPage->WebAuthenticationType ====================  = External

  3.Set Security->WebAuth->WebLoginPage->External Webauth URL  ====================  = X.com

  4.Set Security->WebAuth->WebLoginPage->Redirect URL after login =================  = Y.com

  5.Set Security->WebAuth->WebLoginPage->External Web Servers->Web Server IP Address = 1.2.3.4

}

  -------------------------

B: [ If we want Authentication ]

  -------------------------

if [Page  with ( L-3 Authentication && Inside WLC)]

{

  1.Set Wlans->Layer3Security to WebAuthentication

  2.if (Page == ' Default' Cisco Page) {Set Security->WebAuth->WebLoginPage->WebAuthenticationType = Internal}

  2.if (Page == '!Default' Cisco Page) {Set Security->WebAuth->WebLoginPage->WebAuthenticationType = Customized}

}

if [Page  with ( L-3 Authentication && Outside WLC available at 1.2.3.4)

{

URLofAuthenticationPage                                      = "X.com"

URLofPageToGetRedirectedTowardsAfterSuccessfulAuthentication = "Y.com"

  1.Set Wlans->Layer3Security to WebAuthentication

  2.Set Security->WebAuth->WebLoginPage->WebAuthenticationType ====================  = External

  3.Set Security->WebAuth->WebLoginPage->External Webauth URL  ====================  = X.com

  4.Set Security->WebAuth->WebLoginPage->Redirect URL after login =================  = Y.com

  5.Set Security->WebAuth->WebLoginPage->External Web Servers->Web Server IP Address = 1.2.3.4

  6.We need to configure Pre-Authentication ACL.

}

Version history
Revision #:
1 of 1
Last update:
‎10-22-2013 06:19 PM
Updated by:
 
Labels (1)