Cisco Wireless :: 5508 - Apple Devices Timing Out From Guest Network With Captive Portal
Jan 29, 2013
I am setting up a new Guest network with a captive portal and it seems to all work fine except when Apple devices go to sleep. When they come back on it isn't just a case of logging in again as it just indicates to the client that it is still connected and won't present the login page again. The Controller will show the client as auth required. So far the quickest way has been for me to delete the network on iPads and re-enter my settings or create a new profile on a Macbook and join again. I have also had some success when doing a manual DHCP refresh on my Macbook which sometimes seems to kick the Controller into action so it presents the login page to the client again. Whether it is related to the timers on the Controller (5508 running code 7.0.235.3) or - as I just read in another post by Leo - the 20 minute timeout that all Apple devices have built in to conserve battery life
View 3 Replies
ADVERTISEMENT
Oct 14, 2012
I have 1 WAP321 for guest access. Now I need to isolate traffic of guest captive portal from my LAN.How can I do this?
View 1 Replies
View Related
Jan 29, 2013
I do know that captive portal could be setup on cisco 5508, such that internet users could login as follows: Username, password , login duration etc. however i would like to know whether the above configuration would work with just 5508 and MS Active directory. secondly can we upload a customised login web page from which users can login and gain access to the internet ?
View 1 Replies
View Related
Sep 25, 2012
We are plannig to install a WLC 5508.Actually, there is a Nortel Controller with some Nortel APs.The controllers use Coova CHILLI captive portal to authenticate. Also the CHILLI server acts as a DHCP server for APs and Wireless clients. The Nortel Control does not authenticate the wireless clients, is used only for AP management.
My questions are :
1.- Does the Cisco WLC 5508 works with the CHILLI?
2.- Is there any documentation?
View 4 Replies
View Related
Mar 7, 2013
I have set up a new wireless network for a customer and they want to use the guest portal for som users.The problem that I am expering is that on a particular site with many small buildings user complains that they have to reauthenticate using the webportal when moving between the buildnings. I have tired extending the idle user timeout on that particular wlan in the cisco 5508, but I still having this problem.
I would actually like if the user login via the guestportal at the beginning of the work day and after say 4-5 hours they have to reautencitcate.And if they loose network connectivity (moving between buildings, iphone/andriod shutting down wifi adapter, etc) they shuld be fine connecting again because they have aldready authecnticated once during the last 4-5 hours.
Is this possible via the ISE?My second question deals with 2.4 and 5 Ghz band.I use AP groups on each of my distribution areas. All groups have the same SSID but diffrenet egress interfaces (interfaces groups). And in some of these I want to save the 5 GHz band for voice over wlan and in others i would like to use both bands.
Do I have to create diffrent wlan profiles with diffrent radio policys and same SSID or could I do this in the AP group settings using RF-profiles?
View 2 Replies
View Related
Jul 23, 2012
We recently applied a 3rd party SSL certificate to our 5508 (running 7.0.220.0) to be used for guest web authentication. It's working, however Mac clients are getting invalid certificate messages. This seems to be due to Mac’s default behavior to use OCSP to validate certificates.. Disabling OCSP via the Keychain causes the cert error to go away. I’m wondering if there is any WLC setting that allows OCSP through the captive portal.
View 6 Replies
View Related
Jun 14, 2012
I'm seeing a problem with Apple IOS devices connecting from one SSID and then connecting immediately to another. I've tried to replicate this fault with non Apple IOS devices, but I'm unable.
Environment:
Single 5508 WLC running 7.2.110.0 AIR-LAP1142N-A-K9 AP's
WLC is in clients head office, MPLS to their branch sites. AP's are in Flex Connect mode, with AP and Flex Connect groups for the AP's at the branch. 3 x SSIDs; Corporate (802.1X), Guest (Web-Auth) & Non-Corp (PSK).
Scenario:
Client is connected to the Corporate SSID with his iPad (new model, running iOS 5.1.1). No problem with access, he is able to roam throughout the building with good SNR/RSSI. He wants to test the other SSID's, he attempts to connect directly to the Guest or Non-Corp and gets an error message on the client saying 'Unable to Connect' or 'Unable to Join'. Debugs on the WLC for the client shows no connection attempt, no errors. I can see the client disconnect from the Corporate SSID, but nothing for the Guest or Non-Corp SSID.
If the client then disconnects and forgets the Corporate SSID from the wireless profiles on their i Pad, waits 20-30 seconds (I can see the client disconnect cleanly from the WLC) and then attempts to connect to the Guest or Non-Corp SSID's - he doesn't have a problem. He immediately associates, and is able to connect. If he then tries to connect directly to another SSID, while still associated to another from the same WLC/AP – he gets the error again. Forget/wait 20-30 seconds, attempt to connect – no problem. We've tested with several i Phones (4 & 4S), i Pads (2 & new model) - all running the same Apple IOS (5.1.1).
I unfortunately can't do much troubleshooting with TAC on this as the client is no longer onsite, and I don't have a 5508 in our lab that I can currently test with. I've tried playing with beacon intervals, etc to no avail.
View 3 Replies
View Related
Feb 21, 2013
I have set up a Guest Portal with WLC 5508 7.4 and ISE 1.1.1 ;everything is OK, except one thing: the Guest VLAN, associated to the Guest SSID is, actually, a DMZ behind my customer firewall and the DHCP parameters provided to the wireless Guest equipement connected on this VLAN include the public ISP DNS servers addresses, not the customer internal DNS serveurs addresses;this seems OK since the idea of this Guest SSID is to give a pure Internet access to the Guests, and no connection at all towards the customer internal servers;
the problem is that, when the wireless guest receives the redictect URL from ISE (URL to access the ISE Guest Portal), this URL is based on the ISE DNS name, not on its IP address; so, the PC can't resolve this internal DNS name by using the ISP DNS servers addresses provided by the DHCP server, and, so, it can't access the Guest Portal at all ;Apart from changing those DNS values in the DHCP server (the customer does not accept this solution), how could we solve this problem ?I have tried to code manually , in the CWA Authorization profile, the equivalent URL redirect via the CISCO av-pair as follows : [code] but, it does not work, since the sessionIdValue variable is not replaced by its real value when sent to the wireless client
View 4 Replies
View Related
Apr 26, 2011
On my wireless network, I am running guest access that I want to have as authenticated. If I enable WLAN, security, layer 3 web policy, when an iPAD / iPhone connects, they get directed to the Web Auth splash page, on where they must enter username & password. My users do not want to be directed to this page everytime they login - just select the SSID and connect - is there a way of authenticating guests via a WLC4400 without going through the splash page everytime?
View 6 Replies
View Related
Feb 11, 2013
I'm setting a Wireless Guest with a WLC 5508 (7.3) and ISE (1.1.2) -- (no anchor).It appears to work (still some adjustments are required), but I found when the guest user log in, it receives the successful login screen and inmediately the guest portal again. If another browser window or tab is open, the user can browse properly.
View 5 Replies
View Related
Mar 5, 2013
where to go to get my WAP321's captive portal. If i type the IP address of the WAP321 it simply takes me into the Administration page.
View 1 Replies
View Related
Aug 15, 2012
I plan to use the WAP321 as a WLAN Hotspot. But I need more than one AP. What is the Design for this?
Do I need to configure every WAP321 with the captive portal and the user need to re-login every time they roam to another WAP321?
Or can I redirect all WAP321 AP to one captive portal?
View 6 Replies
View Related
Mar 6, 2013
I have configured my WAP321 with captive portal enabled but how to a get to the captive portal. If i browse to its web address and get back into the administration GUI and if i connect to the wireless connection configured on this AP it does the normal wireless login.
View 2 Replies
View Related
Oct 1, 2012
Our iOS6 devices cannot connect to our Cisco Wi-Fi access points using our guest network settings, which involves a captive portal where they must enter their email address. When they select the guest network, they get the screen shown at the bottom of the screen. Prior to iOS6, they'd get the web page where they enter their email address and accept our terms of use. This is happening both on upgraded devices and iPhone 5 devices. We haven't changed anything with the access points.
View 11 Replies
View Related
Dec 6, 2012
We put in place 4 devices. Everything is working five (apple IOS6+ not obv...). So when somebody is connecting he have to read our agreement, enter is full name and check the box. (is not personnal session...)How can i have log his name and access hours???? Because a saw is connected when is connected in live on : Captive Portal>Authenticated Clients .But i want to keep a log with this informations + the date/hour if possible.
View 1 Replies
View Related
Aug 1, 2012
Another problem with WAP321 access point. I set up the captive portal for guest access. Connexion is going well, I got IP adress, but then, I open my webrowser to authentificate on the captive portal, and I get a nice "404 not found / file not found" page. If I put the IP adress of the access point in my webrowser, I can get the captive portal homepage. Why the redirection is not working automatically
View 16 Replies
View Related
Sep 18, 2012
There is WLAN with Nortel APs witha captive portal. We are migrating to a Cisco Solution and we have AP 1041 / 1042
How can I configure Captive Portal in the 1041/1042 APs
View 3 Replies
View Related
Feb 23, 2013
I'd like to setup a Captive Portal on our WAP321. We will probably have 50 users (although there will probably be less than 10 simultaneous users). What is the maximum number of Captive Portal users (when using the "local" verification option) that I can create on a WAP321?
View 3 Replies
View Related
Jan 23, 2013
We are thinking of buying a WAP321 to use for captive portal.
Is it possible to configure it so that multiple guests and use the same username and password simultaneously?
If we have 10 guests in the office we don't want to configure 10 usernames for them to use.
View 1 Replies
View Related
Aug 1, 2012
I'm fighting for a few days now to setup the captive portal of 2 wireless access point WAP321. I was able to make it work with local user authentication but now, I want to manage my guest users on active directory. So I setup the captive portal to authentication user with NPS on Windows 2011 SBS.
The problem is that my guest SSID in not encrypted, so the NPS server do not let me login. I try to setup the NPS server like that :
Uncrypted authentification (PAP, SPAP)
Service-Type : Login
View 2 Replies
View Related
Jan 30, 2013
I've just setup a WAP321:
- 2 vlans: 200 & 250
- ip address on vlan 200 (management)
- SSID on vlan 200
- SSID on vlan 250
The LAN port is connected to Cisco Catalyst (Trunk 200,250). In vlan 200, there is the customer lan In vlan 250, there is a box to access to internet.
SSID associated to vlan 200 works properly. But the captive portal associated to vlan 250 doens't work. When we connect to it, and the captive portal is off, we can access to internet (the box give an ip address). But when I setup the captive portal to vap2 (vlan250), we can't access to internet (but the DHCP works properly). We have access to nothing, the page in the browser is blank.
I suspect a mistake with DNS configuration. I have read that the captive portal needs to be associated to vap0, is it true?
In attached files, the wap321 config.
View 5 Replies
View Related
Sep 6, 2012
Was looking at purchasing WAP321 however after looking at the spec's I see it has not got concurrent dual band (2.45Ghz/5Ghz) is there any simular access points with dual band and captive portal?
View 2 Replies
View Related
Jan 5, 2013
Does the Cisco 2500 or 5500 have some sort of built in captive portal.
View 5 Replies
View Related
May 15, 2013
how to setup the wireless interface to forward multicast packets? Basically I cant get the ipads etc.. to see the AppleTV to control it. I connected an AP and it works fine so its got to be something with the way the router handles the packets from teh integrated wireless interface. I've been searching the forum for about 1hr and haven't founf anything other than a breif mention of broadcast forwarding and multicast setup.
View 1 Replies
View Related
Aug 12, 2012
I would like to ask for a cisco wireless router that supports captive portal. I notice that WAP321 supports this but what other additional units should be added in order to accomplish this. Client wants the user to authenticate first and also to see who logs in.
View 0 Replies
View Related
Dec 11, 2012
I have a CT2504 at a customer site which does not load the captive portal page correctly nor will it load via HTTP as opposed to HTTPS.So for starters I did what I do with all my CT2504's (which work fine), I configured my Guest network to authenticate via the default captive portal. I then disabled HTTPS and SSH and enabled HTTP managment followed by rebooting the controller. On boot, logging into the WLC management GUI is automatically presented via HTTP as expected.However when clients access the Guest network they are redirected to the Web Authorisation via HTTPS instead of HTTP?In addtion to the above the captive portal page does not display correctly.The preview via the controller works fine, but the client is presented with a page with broken links to the images i.e. the blue strip at the top and the Cisco logo on the right.
View 3 Replies
View Related
Dec 4, 2012
I have setup a WAP321 and configured it for a captive portal. It is connected to a SG300 switch and the gateway is a SA520.The SA520 is setup with two VLANs. The default of ID 1 and a guest vlan ID 2.
The SA520 is assigning the IP addresses to VLAN ID 2. That is working properly.And the captive portal works fine as long as I have Inter VLAN Routing Enabled on VLAN ID 2. But, I do not want VLAN ID 2 to access the local LAN so I Disabled the setting for VLAN ID 2. If I disable captive portal on the WAP321 with Inter VLAN Routing disabled, everything works fine. No access to VLAN ID 1 and Internet access works fine.
View 2 Replies
View Related
Oct 1, 2012
I have setup a WAP321 with the captive portal activated.2 WLAN networks defined, one for the Normal-user and 1 Guest-user access (with captive portal).
The WAP Management is on its own vlan (vlan 1 ) , network 10.0.0.0 /24
The Normal network has a different vlan (vlan 14) , network 192.168.14.0/24
Guest user(s) are on VLAN143 , 172.16.10.0 /24
So when a guest connects to the wap, the management interface is opened (10.0.0.x), after successful authentication the user is redirected to a predefined site.What i would like to establish is to make it impossible for the Guest-user(s) to access the management portal.
Defining an acl on the management portal is not possible as i would like to use any ip adres on the Normal Network (192.168.14.0/24). Unfortunately you can only define 5 Fixed ipaddresses and not a (sub)-network.
View 1 Replies
View Related
Jan 29, 2013
I successfully install 4 WAP321 in my company. Everything works... except captive portal on IOS, android and firefox. moreover, I notice that firefox (and android, not sure for IOS...) works ONLY if I copy/paste internet local address from IE to FIREFOX [URL] ...
To my mind, the problem is INSIDE WAP321 OS...
I openend a CISCO's case, and they allready know this problem. When I started to explain my issue, He said "oh yeah the pink page?".
View 11 Replies
View Related
Oct 22, 2012
A customer of ours has the following access points and wireless lan controllers on site. They want to use the Apple Bonjour service with Apple TV's and iPads. I have enabled multicast feature of the 5508 globally and one the SSID.The Apple TV has an ethernet connection and the iPads connect over the wifi. The Apple tv is on the same subnet as the iPad's - the Bonjour features do work for approx 5/10 minutes then it stops working for some reason. The Access Points plug into a Cisco 2960 Layer 2 switch, the 5508 controllers plug are in LAG mode and plug into a Nortel Layer 3 stack which I have enabled IGMP snooping.I've read that the Apple Bonjour service isnt designed to work on a multi subnet network - but both the Apple TV and iPad are connected on the same subnet. Sounds like some kind of timeout but not too sure.
View 5 Replies
View Related
Dec 12, 2011
Configuring captive portal on an 881 router?
View 1 Replies
View Related
Nov 7, 2012
Is there a way to disable this function? I have a client with only a single IP address. SSL port 443 is used for a web server, so Anyconnect SSL is now listening on a different port.
When we changed the port and updated the client profile, the client now thinks there is a captive portal inbetween and requires the user to authenticate first via web. Doing so works fine but is now adding this additional step to the login process.
I don't understand why Anyconnect (knowing from the profile that the VPN client is on another port) is still obviously looking on 443.
View 4 Replies
View Related
Jul 25, 2012
I have recently deployed a wireless network using a WLC 2504 with 21 Light APs. All seems fine except that Apple Devices drop their connections every 15 minutes or so. A couple of minutes later they can reconnect but obviously something is wrong.
View 2 Replies
View Related
