Web Authentication on Cisco Wireless LAN Controllers (WLCs)


Jun 30, 2011 4:52 AM
Jun 30th, 2011
Video Upload: 

Here is a video which explains Web authentication on Wireless lan controllers. This video starts with the basics and then discusses the details of the web authentication process.

Average Rating: 4.5 (2 ratings)
Rajesh Premachandran Thu, 06/30/2011 - 05:17

If you are using an external web server for web authentication with a Cisco 5500 Series Controller, a Cisco 2100 Series Controller, or a controller network module, you must configure a preauthentication ACL on the WLAN for the external web server.

Normally, no traffic from the user is allowed to pass through the WLC until the client authenticates successfully with the WLC. With pre-authentication ACL, as the name implies, you can allow client traffic to and from a specific IP address even before the client authenticates. This helps to forward the client traffic to the External Web Authentication server (external to the WLC network), which is used to authenticate the user in the web authentication process.

luceroc Mon, 08/15/2011 - 12:33

Thanks Rajesh for the slideshow video.  The web authentication configuration seems pretty straighforward as you mentioned in the video.  But I think it could be helpful to describe the LAN set; router, switch configurations when setting up guest vlans for WIRED guest services as well.  I have a situation where I want to deploy a pair of 4404 controllers as a anchor for about 20 remote locations.  BUT at the remote locations need wired guest services.  I have currently deployed Bluesocket devices at the remote facilities and want to shut them down and run only WLCs.   Thanks again and just thought others might want to see more detail like this on the wired setup.


netops@azwestern.edu Mon, 08/15/2011 - 15:38

Rajesh ,

What if you are doing web-passthrough ? Is the ACL still allowing pre-auth clients to access allowed hosts?. I ask because currently we are having an issue were connected clients ( using a web pass-through wlan policy) , if they have the local web page as  home , it is not redirecting to the validation web page , unless they open a different web page , then after they click accept , they are able to go to any web site.



Login or Register to take actions

This Video

Posted June 30, 2011 at 4:52 AM

Related Content

Videos Leaderboard