Cisco :: 5508 - Disable HTTPS On Web-auth Passthrough
May 16, 2012
I have a guest wireless network setup on a 5508 WLC using 7.2.103.0 firmware. Under my guest WLAN>security>Layer3 tab I have "layer 3 security" as "none", "web policy" as check marked, "passthrough" selected, "over-ride global config" as check marked, "web auth type" as "customized(downloaded), "login page" and "login failure page" as "login.html" selected.
I haveI have 4402 WLC's using 7.0.116.0 firmware throughout my company that anchor back to the 5508 for the guest network. The 4402 WLC have the guest network configured as WLAN>security>Layer3 tab I have "layer 3 security" as "none", "web policy" as check marked, "passthrough" selected.
I would like to disable the HTTPS for the logon screen and I am not sure what steps need to be done for this. I researched and found the command "config network web-auth secureweb disable". I set the command on the 5508 only and rebooted. When I tested I got a blank webpage with "http://1.1.1.1/fs/customwebauth/login.html?switch_url=http://1.1.1.1/login.html" in the address bar and had no way of clicking the accept button to get to the Internet.
Everything works fine again if I enter "config network web-auth secureweb enable" and reboot. Do I need to run the "config network web-auth secureweb disable" command on all the 4402 WLC's that are anchored to the 5508? What could be breaking my login.html page while using only http?
View 3 Replies
ADVERTISEMENT
Jul 18, 2012
I have a Cisco 5508 running version 7.0.116.0. This controller hosts an open public wifi that requires users to accept a terms agreement via a Web-Passthrough setup that redirects them to the terms splash page. For most people this works without any issue. However, if a user has their homepage for their default browser set to a https site, such as [url]..., then they are never redirected to the terms splash page. The page will just spin and spin until finally they get a timeout error.
View 7 Replies
View Related
Feb 6, 2012
I have a cisco 2504 running 7.0.220.0. I am trying to configure Web Auth for External Redirect, Passthrough. I have a page created on an external web server that was taken from the Web Auth Bundle and modified. It is a simple "accept" or "reject" on a Terms and Conditions page. I have a Pre-Auth ACL configured to only allow communication to the server the T&C page resides on.
When I connect to the SSID, the page redirects to the external URL and the the URL shows up in the browser window with all the variable data as a GET on the URL line, but the page never loads. It just hangs. I can copy the the URL data, paste that in once I am on-net, and the page loads just fine.
So, something is happening when the WLC is attempting to proxy-redirect the page back to the client.
View 7 Replies
View Related
Nov 20, 2012
i have 2 ssid with the same comfiguration (diff only in name) in one ipsec ssid vpn (l2tp over ipsec with natt ) works fine, in another after phase 2 is completed no traffic is forwarded and vpn session is dropped. There are no access lists on equipment.
I found in documentation that need to activate L3 security and set it to vpn pass-through, but in drop-down menu only one item "none". What is the reason to drop ipsec traffic ?
View 4 Replies
View Related
Mar 18, 2013
I am running into an issue with disabling the web-auth secure web on an 5508 anchor WLC running 7.2.110. After the WLC rebooted, the guest authentication portal didn't show up...I could see the IE tab showed Web Auth Redirect though...Changed again the web-auth secure web to enable and rebooted the WLC fixed the issue.
View 4 Replies
View Related
Sep 24, 2012
I have a cisco 5508 WLC that I have setup WebAuth on and trying to install the certificate on. I have generated the csr and gotten my cert from Verisign (X.509, server platform=apache). I have followed the instruction via the cisco documentation url...I found an error in uploading and find out how to encrypt mykey: url...
I am also having exactly the same issue with a certificate from Thawte. I followed the unchained guide and have tried both with and without a password in the initial step key generation step, requesting a new cert each time. As with Jeensernchew's issue there are no errors in OpenSSL but when uploading the cert to the WLC get the following error. [code] The WLC is running version 6.0.196.0. I am using OpenSSL 1.0.0 29 Mar 2010.
When I requested the cert from Thawte I was asked to specify the device type, I chose Cisco, but as all the work and conversion is being done by OpenSSL, should I have chosen differently? When I do this I can load the cert in the 5508, but the controller fails and doesn't allow that VLAN or config access to the wireless network. I am at a loss of why I can load and it not work. I have verified my hostname and password and those are good.
View 1 Replies
View Related
May 30, 2012
I am trying to upload a customized web-auth bundle to a WLC 5508 and having some issues.I have downloaded the web-auth bundle from Cisco and used this as a template to create the web pages.I seem to recall that there is only a couple of Windows tools that you can use to TAR the file such as TUGZIP and IZARC. Anyway I have tried both and I still cannot get the file to extract. I have tried to strip the file out so that I only send up the login.html page and even this does not work.I am using a software release 7.0.220.0.
View 6 Replies
View Related
Sep 19, 2012
I´m wondering if it`s possible to export the defualt web auth portal(web login page) via tftp to a computer from the Cisco WLC 5508 and then modify it and then import that customized portal to the WLC 5508?
View 6 Replies
View Related
Mar 8, 2012
We have recently implemented a 3rd party certificate for the guest access, currently have a WLC 5508 that has a Vlan directly connected to our DMZ firewall and NATed out. The problem is when I have installed a 3rd party certificate as per the following link URL
The DNS host name that I entered into the DNS Host name section is not resolved. If I remove the DNS name and leave the virtual ip address 1.1.1.1 then it works fine but just comes back with untrusted message.
View 34 Replies
View Related
Apr 16, 2012
I know it is possible to create custom web auth splash pages on the WLC 5508. Is it also possible to embedd a small document (less than 1MB) that users can download directly from the controller? I need this for providing the terms of use for the Guest WLAN.
View 3 Replies
View Related
Jul 22, 2012
I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth. I know I can get around this by just creating two separate SSIDs. But the business is used to just having the one SSID for all guest traffic. Is this a known limitation when anchoring SSIDs to controllers in the DMZ ?
View 1 Replies
View Related
Nov 1, 2011
I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth.
View 6 Replies
View Related
Oct 1, 2012
I understand that Cisco have at long last provided a facility to separate HTTP web authentication from HTTPS WLC management on WLC code 7.2.x for the new 5500 series WLCs.
My question is does Cisco intend to provide the same much needed functionality on the 4400 series WLCs that are running 7.0.x code? I was looking through the release notes for v7.0.235.3 code and that did not seem to mention this functionality. I know we can get around the problem by purchasing an SSL certificate so that guest users with web authentication do not have to see the same security warning each time they log in but the idea to separate the HTTP web authentication from HTTPS WLC management seems so much simpler.
View 6 Replies
View Related
Jan 9, 2013
I have a wireless controller 5508 and all my interfaces can be accessed via https or ssh from a wireless client. Management access from a wireless client is disabled so I don't understand why this is happening.
View 10 Replies
View Related
Mar 26, 2011
I have follow below URL to disable the https over web authentication:
[URL]
What i want to achieve is disable https over web authentication due to certificate issue, but it seems like even we have disable the http over web management as above URL describe, still https while doing web authentication. Or it is possible to configure use port other than 80, like 8080 for web authentication? (need to reboot the wlc?)Is there any bug that related to this CSCsy32145?
WLC Software Version 6.0.196.0
View 8 Replies
View Related
Apr 14, 2012
New 5508 controller, can ping it and ssh but no https. Is there an initial cli configuration I'm missing here ?
View 2 Replies
View Related
Feb 6, 2012
I'm about to upgrade a 5508 controller so I can do the pre-download to the access points, but in every doc I find, it says to disable the WLAN's before upgrading. This makes no sense. I'm just moving code over, why do I have to disrupt my wireless network in order to move code?
View 7 Replies
View Related
Jul 2, 2011
I have one wlc 5508 running on latest IOS 7.116, there is one wlan abc which i have disable status and disable broadcast, but randomly still i can see from wlc dashboard there is one client connected to this wlan abc. The moment i check on the client details, there is no client connected to that wlan and when return to dashboard, no more client connected to that wlan abc.
View 3 Replies
View Related
Oct 19, 2011
I have WLC 4400/5508 I stumbled across this config paging disable command to stop page breaks, works great for the one session I am logged in but it do not work for other users..
View 1 Replies
View Related
Mar 17, 2013
We have some older Honeywell Dolphin 7900 Series Handhelds that have issues with wireless communication. Very unreliable communication. One recommendation from Honeywell is to disable the G standard and only allow B. Basically have a WLAN that is solely b radio enabled. I see that their are options to go B/G only or A only, but no options in the radio policy to go B only.
We are using WCS 7.0.240 and the controller is a WLC 5508 running the same code revision.
Is this doable on a single WLAN while leaving G available on other WLAN's?
View 4 Replies
View Related
Dec 26, 2011
Is it possible to use Cisco Band Select on a Cisco 5508 WLAN controller and still disable the 802.11b data rates?
View 2 Replies
View Related
Apr 9, 2012
We are having 5508 controller with Lightweight access points 1142, IS it possible to disable 802.11a on certain access points before turning it off completely on the controllers?? Could you provide steps for doing so on WCS?
View 5 Replies
View Related
May 29, 2013
After reboot WLC , the switch port was err-disable , the cause is link flap after we reboot 3 times , the switch port link flap err-disable every time? We don't know why the WLC rebboot will cause it , it just normal action on device the WLC version is 7.4.100.0 link switch with access port , no port channel , no portfast.
View 11 Replies
View Related
Apr 15, 2012
Interface management on WCL 5508 is assigned ip 192.168.255.200 and from a PC ( on different subnet), i can ping but cannot access https to WCL but From a PC ( in the same subnet) i can ping and https.
View 11 Replies
View Related
May 9, 2013
I have a Meraki Firewall that sits behind my Cisco RV082. The Meraki is setup to run a VPN connection with my server but I am having problems passing the VPN traffic through properly.
I have 2 Uverse Internet Connections that the RV082 using load balancing so that they are shared. I have 10 static IP's.
I am trying to come in on one of my static IP addresses throught the Cisco RV082 to the Meraki and after doing a capture on the meraki it appears that it is starting to receive data to intiate the VPN connection but when it sends data back to the VPN client machine it never makes it.
View 1 Replies
View Related
Aug 22, 2011
I have a DIR-655_RevB updated with the latest firmware 2.03NA. I have two VPN devices in my house trying to get to my corporate office: a VPN phone and my laptop with a VPN client, both use IPSec. Either device has no problem making a solid VPN connection separate from each other. Meaning that when my laptop is not connected, I can connect the VPN phone with no problem. And when the VPN phone is disconnected, the laptop also has no problem making a solid and stable VPN connection. So I know the router is configured correctly to let thru VPN traffic for either device. i.e. IPSec is enabled, UDP/TCP Endpoint Filtering are both set to Endpoint Independent (and I've tried every other combo), SPI is disabled.
The problem is that I need to have both devices connected simultaneously, which this router is supposed to handle. If I have the VPN phone connected first, then when I launch the laptop VPN client, the VPN phone gets disconnected. I'm assuming that at this point, all VPN traffic is being tunneled back to the laptop. I cannot re-establish the VPN phone connection until I disconnect the laptop client, at which point the VPN phone "automatically" reconnects (meaning I don't have to reboot it, the VPN traffic just somehoe gets redirected back to this device)
View 7 Replies
View Related
Jan 13, 2012
In a cisco firewall 5520 how could you take a public wan connection and pass it to another firewall behind the 5520 without using nat. How could you put a single port on the 5520 into transparent or passthrough much like you can on a broadband modem?
View 3 Replies
View Related
Apr 10, 2012
How to enable PPTP passthrough on Cisco ASA 5505?I have a RRAS server inside and the client is trying to connect from outside.
View 1 Replies
View Related
Feb 26, 2012
I'm having some issues with Web-Passthrough, I'm using two 4404-50 controllers. Clients get IP addresses well. I'm using the controllers internal DHCP Servers. Controllers can reach DNS public IP Addresses (from management and guest vlan), the issue is that only very few clients are able to get displayed the Web-Passthrough page, the rest of the clients never get the page.
Version 7.0.98.0
The controllers also work as anchor controllers for two more foreign controllers.
View 10 Replies
View Related
Jan 24, 2013
I have a pair of ACE 4710 and I think I have all the failover configured correctly and it all appears to be working. My question is regarding setting QOS on the physical interfaces that are part of my port channel. I have qos trust cos enabled on all the interfaces in my port channel. These interfaces are connected to a 3750 swith. Do I need to configure QOS on the 3750 to allow the COS bit to pass through my 3750 to my peer?
View 3 Replies
View Related
Feb 10, 2013
I add a new Cisco ASA 5505 as firewall in of company network. I found the PPTP authentication did not get through to internal Microsoft Server.
ASA Version 8.4(3)!names!interface Ethernet0/0switchport access vlan 2!interface Ethernet0/1switchport access vlan 2!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1nameif insidesecurity-level 100ip
[Code]....
View 4 Replies
View Related
Mar 28, 2012
I am working on IPSec Passthrough on an ASA 5520, with version 8.3, and ASDM 6.3. Currently I have a requirement for users in my internal network (10.10.249.128 / 25) to be able to connect to external IPSec VPN servers.
So I created a network object with 10.10.249.128 / 25, and used dynamic PAT to translate the source ip address to the external internet facing outside interface:
I then added the following rules on the inside-in ACL: However troubleshooting shows that isakmp is passing through the firewall, but esp and ah is not.
For isakmp:
For ESP:Seems like the nat rule is drawing my ESP traffic,
View 1 Replies
View Related
Aug 2, 2011
I've download a login.html into the controller successfully, but when I preview the page there isn't an accept button. Do I need to create the accept button with the html file or is there some place I need to enable on the controller itself. After download the .tar file I reboot the controller but no luck. I also create a java script button redirect but it didn't redirect to where I needed to go. It just stuck on the splash page.
View 3 Replies
View Related
