Cisco Wireless :: Why Is Web Page Auth On MAC Filter Failure Also Not Working On 5508

Jul 22, 2012

I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
 
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
 
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth. I know I can get around this by just creating two separate SSIDs. But the business is used to just having the one SSID for all guest traffic. Is this a known limitation when anchoring SSIDs to controllers in the DMZ ?

View 1 Replies


ADVERTISEMENT

Cisco Wireless :: 5508 - WebPage Auth On MAC Filter Failure Not Working On Anchor

Nov 1, 2011

I have implemented a Guest WLAN solution as per the recommended design from Cisco. We have two internal WiSM2 controllers providing services for Internal secure SSIDs. Both these controllers are members of a Mobility and RF management group.
 
Two 5508 controllers have been installed in our DMZ for resilience and have been placed into a separate Mobility group. All controllers (internal and external) have been linked together as mobility neighbours in a full mesh and a new SSID for Web Guest traffic has been anchored to the controllers in the DMZ.
 
Web page authentication works perfectly fine, but I cannot for the life of me get the MAC filtering override to work, i.e. if a MAC address is present, do not redirect to the splash page for web auth.

View 6 Replies View Related

Cisco Wireless :: WLC 5508 Web Auth Splash Page - Possible To Place Download

Apr 16, 2012

I know it is possible to create custom web auth splash pages on the WLC 5508. Is it also possible to embedd a small document (less than 1MB) that users can download directly from the controller? I need this for providing the terms of use for the Guest WLAN.

View 3 Replies View Related

Cisco :: Aironet 1040 And Radius Auth Failure?

Sep 24, 2011

I have setup a Cisco Aironet 1040 to connect to our Radius server which I have also configured.
 
I can successfully connect up any Iphone or Ipad but I cannot get any laptop to connect.
 
I have attached the logs showing the Iphone Successfully logging in and the Laptop Failing. Every single failure in the Event log for NPS comes up with
 
Network Policy Server denied access to a user. Contact the Network Policy Server administrator for more information.
 
User:
Security ID:            NULL SID
Account Name:            scottd
Account Domain:            AMSLAN

[Code].....

View 12 Replies View Related

Cisco AAA/Identity/Nac :: Command Auth Failure On ASA5510 Using ACS5.1

Jun 11, 2012

I'm having trouble getting things working on a pair of ASA5510's using Cisco Secure ACS v5.1. We were previously using a much older version of ACS to these (and a lot of other) devices which worked OK for remote access for read/write use. Am in the process of migrating to the new ACS software and have got it working OK to everything (many Cisco switches and other IOS devices) except these ASA5510s.
 
I can get TACACS authenticating fine and am able to log on and go into enable mode. Any subsequent commands are then met with 'command authorization failure', including 'show run', 'conf t' and even 'exit'!
 
My ASA5510 config has not changed, other than to define the new AAA server, which leads me to think its something to do with how I have the ACS user profile set up. I have configured the ACS5.1 device administration Shell Profile to have the maximum privilege level (15) and the command set I'm using has the box checked 'permit any command that is not in the table below'.

View 7 Replies View Related

Cisco Wireless :: 5508 Customized Web-Auth Bundle

May 30, 2012

I am trying to upload a customized web-auth bundle to a WLC 5508 and having some issues.I have downloaded the web-auth bundle from Cisco and used this as a template to create the web pages.I seem to recall that there is only a couple of Windows tools that you can use to TAR the file such as TUGZIP and IZARC. Anyway I have tried both and I still cannot get the file to extract. I have tried to strip the file out so that I only send up the login.html page and even this does not work.I am using a software release 7.0.220.0.

View 6 Replies View Related

Cisco Wireless :: WLC 5508 - Web Auth DNS Host Name Section Not Resolved

Mar 8, 2012

We have recently implemented a 3rd party certificate for the guest access, currently have a WLC 5508 that has a Vlan directly connected to our DMZ firewall and NATed out. The problem is when I have installed a 3rd party certificate as per the following link URL
 
The DNS host name that I entered into the DNS Host name section is not resolved. If I remove the DNS name and leave the virtual ip address 1.1.1.1 then it works fine but just comes back with untrusted message.

View 34 Replies View Related

Cisco Wireless :: Client Can't Get DHCP Address When On-MAC-Filter-failure

Aug 21, 2012

The wireless client can't get the DHCP address when I enable the On-MAC-Filter-failure, MAC Filtering and Web Auth. Client can get the DHCP address when I only enable the Web Auth in the same WLAN SSID. The WiSM verion is v7.0.235.0. [code]

View 1 Replies View Related

Cisco :: 5508 Anchor WLC Web-auth Secure Web

Mar 18, 2013

I am running into an issue with disabling the web-auth secure web on an 5508 anchor WLC running 7.2.110. After the WLC rebooted, the guest authentication portal didn't show up...I could see the IE tab showed Web Auth Redirect though...Changed again the web-auth secure web to enable and rebooted the WLC fixed the issue.

View 4 Replies View Related

Cisco :: 5508 Web-Auth Cert Crashing When Loaded

Sep 24, 2012

I have a cisco 5508 WLC that I have setup WebAuth on and trying to install the certificate on.  I have generated the csr and gotten my cert from Verisign (X.509, server platform=apache).  I have followed the instruction via the cisco documentation url...I found an error in uploading and find out how to encrypt mykey: url...

I am also having exactly the same issue with a certificate from Thawte.  I followed the unchained guide and have tried both with and without a password in the initial step key generation step, requesting a new cert each time. As with Jeensernchew's issue there are no errors in OpenSSL but when uploading the cert to the WLC get the following error. [code] The WLC is running version 6.0.196.0.  I am using OpenSSL 1.0.0 29 Mar 2010.
 
When I requested the cert from Thawte I was asked to specify the device type, I chose Cisco, but as all the work and conversion is being done by OpenSSL, should I have chosen differently? When I do this I can load the cert in the 5508, but the controller fails and doesn't allow that VLAN or config access to the wireless network.  I am at a loss of why I can load and it not work.  I have verified my hostname and password and those are good.

View 1 Replies View Related

Cisco :: 5508 - Disable HTTPS On Web-auth Passthrough

May 16, 2012

I have a guest wireless network setup on a 5508 WLC using 7.2.103.0 firmware. Under my guest WLAN>security>Layer3 tab I have "layer 3 security" as "none", "web policy" as check marked, "passthrough" selected, "over-ride global config" as check marked, "web auth type" as "customized(downloaded), "login page" and "login failure page" as "login.html" selected.
 
I haveI have 4402 WLC's using 7.0.116.0 firmware throughout my company that anchor back to the 5508 for the guest network. The 4402 WLC have the guest network configured as WLAN>security>Layer3 tab I have "layer 3 security" as "none", "web policy" as check marked, "passthrough" selected.
 
I would like to disable the HTTPS for the logon screen and I am not sure what steps need to be done for this. I researched and found the command "config network web-auth secureweb disable". I set the command on the 5508 only and rebooted. When I tested I got a blank webpage with "http://1.1.1.1/fs/customwebauth/login.html?switch_url=http://1.1.1.1/login.html" in the address bar and had no way of clicking the accept button to get to the Internet.
 
Everything works fine again if I enter "config network web-auth secureweb enable" and reboot. Do I need to run the "config network web-auth secureweb disable" command on all the 4402 WLC's that are anchored to the 5508? What could be breaking my login.html page while using only http?

View 3 Replies View Related

Cisco :: Export The Default Web Auth Portal With WLC 5508

Sep 19, 2012

I´m wondering if it`s possible to export the defualt web auth portal(web login page) via tftp to a computer from the Cisco WLC 5508 and then modify it and then import that customized portal to the WLC 5508?

View 6 Replies View Related

Cisco Wireless :: 5508 - Export Mac Filter From Wlan Controller?

Jan 15, 2013

I've seen a discussion about importing mac addresses into the mac filter db on a cisco controller but is there a way to export the mac filter db?  I have a Cisco 5508. 

View 2 Replies View Related

Cisco Wireless :: 5508 - AAA Authentication Failure

Aug 3, 2011

I've set up several local network users (Security > Local Net Users) on the WLC (5508 running 7.0.98.0). Whenever I try to connect with one of these user accounts (I'm testing this out for now), the attempt is unsuccessful and I see an "AAA Authentication Failure for UserName: xxxxxxx User Type: WLAN USER" in the Trap Log. I thought that after trying to authenticate through a RADIUS server, the local user database would be polled and then a user account in that database would be able to authenticate.

View 1 Replies View Related

Cisco Wireless :: AP3502 Registration Failure On WLC 5508

Oct 11, 2011

I am having issues registering Cisco 3502 APs with a WLC 5508. They initially register and then disassociate with the controller and fail to re-register. Is it possible to telnet to AP and factory rest the AP. I get connection refused when I try

View 1 Replies View Related

D-Link DIR-655 :: SBS2008 - Network Filter Blocks LAN Port Access To Admin Page

Oct 16, 2011

I'm using my 655 as a WAP, so nothing is connected to the WAN port.  Since I run a SBS2008 in my home, I also have the 655's DHCP disabled.If I enable Network Filtering, everything inbound/outbound on the LAN ports works except accessing the Admin page.  Even if I put the connecting PC's LAN MAC in the tablet.

View 9 Replies View Related

Cisco Wireless :: 5508 WLC Excessive Client Authentication Association Failure

Jan 29, 2013

I have been noticing in my trap logs that there are an excessive amount of Client Association/Authentication Failures. I cannot figure out why. I have a Cisco 5508 WLC with 81 AP's (1131ag, 1142abgn, 1262N) models. The wireless devices are on a Windows Domain and use 802.1x EAP authentication, authenticating the user and computer info with a RADIUS Server. I look at the logs and all it can tell me is Reason:Unspecified ReasonCode:1. I read that the Reason Code is due to "Client associated but no longer authorized" but to be honest I am not sure what that means.

View 9 Replies View Related

TP-Link ADSL2+ Wireless :: TD-W8960N / URL Filter Is Not Working?

Feb 7, 2013

Model : TD-W8960N
Hardware Version : V1
Firmware Version : 1.4.0 Build 111108 Rel.40398n
ISP : TPG
URL Filter not working
Region : Australia
Model : TD-W8960N
Hardware Version : V1
Firmware Version : 1.4.0 Build 111108 Rel.40398n
ISP : TPG

Cannot get the URL filter to work Just upgraded to latest Firmware but that didn't work?

URL List Type: Deny Allow Disable
Address Port Remove

[URL]

View 1 Replies View Related

Cisco Wireless :: Wlc 5508 Guest Logon Page?

Jun 5, 2012

Where do you turn this option off? i have looked under security and did not see any thing. 

View 1 Replies View Related

Cisco Wireless :: 5508 WLC - Cannot Use Logout Page Customized On NAC

May 21, 2013

I have the following systems in place:

5508 WLC - 7.4.100.00
NAC Guest Server - 2.1.0

I have setup an SSID with external Webauth, which is pointing to the login page on the NAC.All works fine but I cannot use the logout page which is customized on the NAC. I always get the internal default logout.html of the WLC and I cannot customize that.Every customization which I have done to the logout.html (then uploaded it on the WLC) will not be recognized.Is there a way to customize that logout.html?

View 1 Replies View Related

Cisco Wireless :: 5508 Setting Up Guest WLAN With Landing Page

Aug 1, 2012

I've been asked to create 2 wireless networks for guest access. They are to be used by clients of 2 different companies and they have asked for the website of each company to automatically open as a landing page. e.g.

-WLAN1 - password is companyname1 - landing page = www.companyname1.com
-WLAN2 - password is companyname2 - landing page = www.companyname2.com

Is this possible with our 5508 WLC? I have googled it and can see that you can set a web auth page but I need different landing pages depending on which WLAN is connected to.

View 11 Replies View Related

Cisco Wireless :: 5508 WLC External Splash Page With Email Capture

Jul 1, 2012

At present I have a WLC5508 as a guest anchor in a DMZ and a web-auth passthrough WLAN configured.  There is a custom web bundle providing a terms and conditions page.
 
We want to start to capture the minimum data from a user that logs onto the guest wireless ( email address ) and would like to use the check email function on the controller - BUT - at the same time move from using the web bundle locally hosted splashpage on the controller to an external web server provided splashpage / walled garden.
 
From my understanding not sure that this is possible as the email check function is only valid in passthrough I think.

View 6 Replies View Related

Cisco Wireless :: WLC 5508 With IPad / IPod And IPhone - Landing Page Not Appear

Mar 5, 2013

We have a centralized WLC with some branch office with AP's in Flexconnect Mode. The Wlans are configured to use Web Authentication (Landing Page). The Landing Page is Cisco Default.
 
We're experiencing some problem with Apple Devices, on some the Landing Page apperars on some not. The WLC Software is about 1 year old. On a XP machine the landing page doesn't appear too, but you can type in the address manually and it works.
 
Whats the best solution to include the Apple Devices successfully in the WLC Wireless World.

View 9 Replies View Related

Cisco :: 5508 WLC / Guest Wireless - Redirect Page - Username / Password

Feb 19, 2012

I have a 5508 WLC running 6.0.202.0. It functions as the Anchor Controller for the guest network. It sits in our Internet DMZ and is isolated from the rest of the network. It does not connect to AD, ACS, etc. The guest wireless WLAN is configured for Web Policy - Authentication. I have a customized login page. Credential management is done by WCS.
 
Users are connecting to the guest wireless network and entering their creds with no issues using mobile devices (iPad, etc). Then the mobile device goes to sleep / turns off and when they go to use it again, they have to type their creds in again. They dont like retyping their creds throughout the day.
 
good way mitigate the multiple logins? Something like a 'save password' option on the customized page?

View 5 Replies View Related

Cisco Wireless :: Guest WLAN Splash Page To External URL 5508

Feb 10, 2013

I want to setup a webpage for my guest network (no authentication) users. When the client connects to the open guest network and upon opening a browser they would be directed to a survey that I would like them to take, if they don't want to take it they can begin browsing to other sites without issue. How do I do this on a my 5508 WLC?

View 12 Replies View Related

Cisco Wireless :: 5508 - Users With Https Home Page Not Redirected When Using Web Passthrough

Jul 18, 2012

I have a Cisco 5508 running version 7.0.116.0.  This controller hosts an open public wifi that requires users to accept a terms agreement via a Web-Passthrough setup that redirects them to the terms splash page.  For most people this works without any issue.  However, if a user has their homepage for their default browser set to a https site, such as [url]..., then they are never redirected to the terms splash page.  The page will just spin and spin until finally they get a timeout error.

View 7 Replies View Related

Cisco Wireless :: 5508 - Bypass / Remove Certificate Page For Guest User WLAN

Jul 24, 2012

When a guest user first trys to access the "guest" WLAN, they are presented with a "certificate page" before the web athentication page / login  is presented.  The WLC forces an internal redirect to https://1.1.1.1 causing the certificate page to appear.  Can this be bypassed?    I am runiing 5508 with   7.0.220.0. 

View 12 Replies View Related

Cisco :: WLC 5508 - Client Association Failure Null

Feb 21, 2013

I am running WLC 5508 and WCS version 7.0.98.  We are noticing with some of our handheld devices that have Sychip Wireless cards that they constantly have issues communicating.  The error I see on the WCS side is shown below:     
 
Client '00:0b:6c:2f:d0:32 (0.0.0.0)' failed to associate with interface  '802.11b/g' of AP 'HO-BRSales'. The reason code is '0(null)'.

View 11 Replies View Related

D-Link DIR-655 :: Inbound Filter Not Working?

Aug 31, 2011

I am trying to block port scans originating in the Russian Federation, thousands per day.  I entered 77.88.26.0 as the Remote IP Start and 77.88.26.255 as the Remote IP End, setting the action to Deny.  It shows in the inbound filter rules list but my linux server still receives thousands of scans daily from an ip address in that IP netblock.   My DIR-655 is running hardware version A3 and firmware 1.34NA. 

View 8 Replies View Related

Cisco Firewall :: ASA5505 Web Filter Stopped Working

Dec 29, 2011

We care currently using an ASA5505 as our firewall and redirecting web traffic to a S160 Iron port. Recently the web filter stopped working and the only way to get filtering again is to reset the redirection.

1. Is there any available log information to find out about the WCCP process and maybe way it stops?
 
2. Are there keep alive packets or anything of that natural between the ASA and Ironport?

View 1 Replies View Related

Cisco Switching/Routing :: Mac Filter Not Working On 4900 Switch

Aug 28, 2012

VLAN MAC address filter does not seem to be working on my 4900 switch. However the same config works fine when tested on my 3750 & 3560 switches.
 
Since user from different VLANs requires to be blocked, Unicast MAC address filter will not be feasible solution. VACL did not work on my 4506 switch too. K
  
Below is the config done on 4900 switch
 
mac access-list extended ABCpermit host 0003.0de9.d5ea anyexit
!
vlan access-map drop-mac 10

[Code]......

View 2 Replies View Related

Cisco :: 5508 - Web Authentication Login Page Does Not Show

Oct 21, 2011

I am configuring my 5508 WLCs with SW version 7.0.116.0. I configured a guest ssid with web-authentication enabled, but I cannot retrieve the login page on the controller. I configured the virtual interface with the addredd 1.1.1.1 SSID Layer 2 security: None SSID Layer 3 security: Web Policy enabled
 
I join the ssid with clients, receive the IP address correctly however when I try to open a web page, the login page does not appear. When I check the client status I see that it stuck in WEBAUTH_REQD state.

View 16 Replies View Related

Cisco AAA/Identity/Nac :: 5508 Splash Page Web Redirect

Jun 19, 2012

We’re currently using 5508 WLC’s and leveraging Cisco ISE for radius/authentication rule sets.I’m trying to get a splash page to flash and then redirect to a website after a successful authentication to an SSID. Everything on the wireless side works with no splash page (users connect to SSID,authenticate with AD credentials using 802.1X PEAP to our Cisco ISE box, and gain access to the network).When I enable ‘Splash Page Web Redirect’ on the WLC (under L3 security), I’m unclear on the ISE box where I set this up. When I look in the Cisco documention it says:Splash Page Web Redirect—If you select this option, the user is redirected to a particular web page after 802.1X authentication successfully completes. After the redirect, the user has full access to the network. You can specify the splash web page on your RADIUS server. How I specify this on the ISE box? Or am I totally off base?

View 10 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved