Web Authentication Proxy on a Wireless LAN Controller Configuration Example

Similar documents
Securing Wireless LAN Controllers (WLCs)

Wireless LAN Controller Web Authentication Configuration Example

Web Authentication Proxy Configuration Example

Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)

Configure Multicast on Cisco Mobility Express AP's

WLC 7.0 and Later: VLAN Select and Multicast Optimization Features Deployment Guide

Multicast VLAN, page 1 Passive Clients, page 2 Dynamic Anchoring for Clients with Static IP Addresses, page 5

Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Wireless LAN Controller (WLC) Mobility Groups FAQ

Configuring FlexConnect Groups

Wireless LAN Controller Module Configuration Examples

Configuring FlexConnect Groups

Workgroup Bridges. Cisco WGBs. Information About Cisco Workgroup Bridges. Cisco WGBs, page 1 Third-Party WGBs and Client VMs, page 9

Wireless LAN Controller Mesh Network Configuration Example

CMX Connected Experiences- Social, SMS and Custom Portal Registration Configuration Example

Web Authentication Using LDAP on Wireless LAN Controllers (WLCs) Configuration Example

Configuring Client Profiling

Wireless LAN Controller Mesh Network Configuration Example for Releases 5.2 and later

Readme for ios 7 WebAuth on Cisco Wireless LAN Controller, Release 7.4 MR 2

Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC)

Identity Services Engine Guest Portal Local Web Authentication Configuration Example

Configuring DHCP. Restrictions for Configuring DHCP for WLANs. Information About the Dynamic Host Configuration Protocol. Internal DHCP Servers

Cisco Wireless Devices Association Matrix

NTP on Wireless LAN Controllers Configuration Example

Administration of Cisco WLC

Configure 802.1x Authentication with PEAP, ISE 2.1 and WLC 8.3

Configuring OfficeExtend Access Points

Configuring DHCP. Restrictions for Configuring DHCP for WLANs. Information About the Dynamic Host Configuration Protocol. Internal DHCP Servers

DHCP. DHCP Proxy. Information About Configuring DHCP Proxy. Restrictions on Using DHCP Proxy

Configuring Funk RADIUS to Authenticate Cisco Wireless Clients With LEAP

Switch and Wireless LAN Controller Configuration Required to Support Cisco ISE Functions

Administration of Cisco WLC

CRS Historical Reports Schedule and Session Establishment

Verify Radius Server Connectivity with Test AAA Radius Command

FlexConnect. Information About FlexConnect

Real4Test. Real IT Certification Exam Study materials/braindumps

Trusted AP Policies on a Wireless LAN Controller

Configuring AP Groups

Cisco TrustSec How-To Guide: Universal Configuration for the Cisco Wireless LAN Controller

Access Point as a Workgroup Bridge Configuration Example

Using RLX2-IHx Bridging Client on Cisco Wireless Infrastructure

LAB: Configuring LEAP. Learning Objectives

Using Cisco Workgroup Bridges

Configure Flexconnect ACL's on WLC

Deployment Guide for Cisco Guest Access Using the Cisco Wireless LAN Controller, Release 4.1

Configuring Hybrid REAP

Multicast/Broadcast Setup

Converting Autonomous Access Points to Lightweight Mode

Converting Autonomous Access Points to Lightweight Mode

WLAN Timeouts. Timeouts. Timeout for Disabled Clients. Session Timeout. Information About Configuring a Timeout for Disabled Clients

AP Connectivity to Cisco WLC

LEAP Authentication on a Local RADIUS Server

Configure n on the WLC

Configuring AP Groups

Interoperability guide Phoenix Contact WLAN clients with Cisco Wireless LAN Controllers (WLC) Published:

Configuring Backup Controllers

Using Access Point Communication Protocols

Cisco Aironet Client Adapter Installation Tips for Windows NT v4.0

Configuring a Basic Wireless LAN Connection

Configuring Web-Based Authentication

Universal Wireless Controller Configuration for Cisco Identity Services Engine. Secure Access How-To Guide Series

Configure to Secure a Flexconnect AP Switchport with Dot1x

Chromecast as mdns Service in order to Cast Screen Configuration on WLC

FortiNAC. Cisco Airespace Wireless Controller Integration. Version: 8.x. Date: 8/28/2018. Rev: B

Configuring the Switch for Access Point Discovery

Software-Defined Access Wireless

High Availability (AP SSO) Deployment Guide

AP Power and LAN Connections

Software-Defined Access Wireless

Lesson Overview & Objectives

Per-WLAN Wireless Settings

2016 Braindump2go Valid Cisco Exam Preparation Materials:

Table of Contents X Configuration 1-1

Ensure that you meet these requirements before you attempt this configuration:

AOS-W 6.4. Quick Start Guide. Install the Switch. Initial Setup Using the WebUI Setup Wizard

Examples and Technotes, Cisco IOS XE Release Denali

RSA SecurID Ready with Wireless LAN Controllers and Cisco Secure ACS Configuration Example

TECHNICAL NOTE UWW & CLEARPASS HOW-TO: CONFIGURE UNIFIED WIRELESS WITH CLEARPASS. Version 2

Editing WLAN SSID or Profile Name for WLANs (CLI), page 6

User Guide TL-R470T+/TL-R480T REV9.0.2

For more information, see "Provision APs for Mesh" on page 6 6. Connect your APs to the network. See "Install the APs" on page 6

ISE with Static Redirect for Isolated Guest Networks Configuration Example

Configuring the WMIC for the First Time

Dynamic VLAN Assignment with WLCs based on ACS to Active Directory Group Mapping Configuration Example

Template information can be overridden on individual devices.

Cisco Catalyst 6500 Series Wireless LAN Services Module: Detailed Design and Implementation Guide

Q&As. Implementing Cisco Unified Wireless Voice Networks (IUWVN) v2.0. Pass Cisco Exam with 100% Guarantee

What Is Wireless Setup

CCIE Wireless v3.1 Workbook Volume 1

CCIE Wireless v3 Lab Video Series 1 Table of Contents

VIEW Certified Configuration Guide. Cisco

Managing Rogue Devices

Software-Defined Access Wireless

Cisco 4400 Series Wireless LAN Controllers PEAP Under Unified Wireless Networks with Microsoft Internet Authentication Service (IAS)

The information in this document is based on these software and hardware versions:

Configuring Web-Based Authentication

P ART 3. Configuring the Infrastructure

Ethernet Bridging in Point Point Wireless Mesh Network Configuration Example

Template information can be overridden on individual devices.

Wireless Domain Services FAQ

Transcription:

Web Authentication Proxy on a Wireless LAN Controller Configuration Example Document ID: 113151 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Proxy on a WLC Configure Web Authentication Proxy on a WLC Configurations Verify Related Information Introduction This document provides a configuration example for using the Web Authentication Proxy feature on a Wireless LAN Controller (WLC). Prerequisites Requirements Make sure that you meet these requirements before you attempt this configuration: Have knowledge of the configuration of Lightweight Access Points (LAPs) and Cisco WLCs. Have knowledge of Lightweight Access Point Protocol (LWAPP)/Control and Provisioning of Wireless Access Points (CAPWAP). Have knowledge of web authentication. Components Used The information in this document is based on these software and hardware versions: Cisco 4400 WLC that runs firmware release 7.0.116.0 Cisco 1130AG Series LAP Cisco 802.11a/b/g Wireless Client Adapter that runs firmware release 4.2 The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Conventions Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Web Authentication Proxy on a WLC This document assumes that the reader has prior knowledge of web authentication and those steps involved in configuring web authentication on Cisco WLCs. If you are a new user, read these documents which explain the web authentication process in detail: Wireless LAN Controller Web Authentication Configuration Example External Web Authentication with Wireless LAN Controllers Configuration Example Troubleshooting Web Authentication on a Wireless LAN Controller (WLC) The Web Authentication Proxy feature was introduced with WLC version 7.0.116.0. A web browser has three types of Internet settings that can be configured by the user: Auto Detect System Proxy Manual This feature enables clients that have manual web proxy enabled in the browser to facilitate web authentication with the controller. In a network configured for web authentication, if the client is configured for manual proxy settings, the controller does not listen to such proxy ports and hence the client would not be able to establish a TCP connection with the controller. In effect, the user is unable to get to any log in page to authentication and get access to the network. When the client requests any URL with the Web Authentication Proxy feature enabled, the controller responds with a webpage prompting the user to change the Internet proxy settings to automatically detect the proxy settings. This process prevents the browser's manual proxy settings from getting lost. After configuring this feature, the user can get access to the network through the web authentication policy. By default, this functionality is provided for ports 80, 8080, and 3128 because these are the most commonly used ports for the web proxy server. Configure Web Authentication Proxy on a WLC In this section, you are presented with the information to configure the features described in this document. Configurations Complete these steps in order to configure Web Authentication Proxy using the controller GUI: 1. From the controller GUI, choose Controller > General. 2. In order to enable WebAuth Proxy, choose Enabled from the WebAuth Proxy Redirection Mode drop down list.

3. In the WebAuth Proxy Redirection Port text box, enter the port number of the web authentication proxy. This text box consists of the port numbers on which the controller listens for web authentication proxy redirection. By default, the three ports 80, 8080, and 3128 are assumed. If you configured the web authentication redirection port to any port other than these values, you must specify that value. 4. Click Apply. In order to configure WebAuth Proxy from the CLI, issue this command: config network web auth proxy redirect {enable disable}

Set the web authentication port number using the config network web auth port <port number> command. Once the WLC is configured, save the configuration and reboot the controller in order for the configuration to take effect. Verify To see the current status of the web authentication proxy configuration, issue either the show network summary or show running config command. (Cisco Controller) >show network summary RF Network Name... WLAN LAB Web Mode... Disable Secure Web Mode... Enable Secure Web Mode Cipher Option High... Disable Secure Web Mode Cipher Option SSLv2... Enable Secure Shell (ssh)... Enable Telnet... Enable Ethernet Multicast Forwarding... Disable Ethernet Broadcast Forwarding... Disable AP Multicast/Broadcast Mode... Unicast IGMP snooping... Disabled IGMP timeout... 60 seconds IGMP Query Interval... 20 seconds User Idle Timeout... 300 seconds ARP Idle Timeout... 300 seconds Cisco AP Default Master... Disable AP Join Priority... Disable Mgmt Via Wireless Interface... Disable Mgmt Via Dynamic Interface... Disable Bridge MAC filter Config... Enable Bridge Security Mode... EAP More or (q)uit Mesh Full Sector DFS... Enable Apple Talk... Disable AP Fallback... Enable Web Auth Redirect Ports... 80 Web Auth Proxy Redirect... Enable Fast SSID Change... Disabled 802.3 Bridging... Disable IP/MAC Addr Binding Check... Enabled Now, let's connect a Wireless Client to the Guest SSID that we have configured for web authentication.

Assuming you have an internal DHCP server, the client connects to the WLAN Guest1 and acquires an IP address. When the client tries to access a URL (for example, www.cisco.com), since manual proxy is enabled on the client browser, the controller using the web authentication proxy feature responds with a webpage prompting the user to change the Internet proxy settings to automatically detect the proxy settings. At this point, the client is aware that the manual proxy settings need to be disabled. Here, you can see how to disable the manual proxy settings on Firefox version 3.6. 1. From the Firefox browser, select Tools > Options, and then select Advanced. 2. Click the Network tab, and then select Settings.

3. In the Connection Settings window, select Auto detect proxy settings for this network.

Once this is completed, refresh the browser and try accessing the URL again. This time, you will be redirected to the Web Authentication page. The client can provide you with credentials and you can log in to the guest network. Related Information Wireless LAN Controller Web Authentication Configuration Example External Web Authentication with Wireless LAN Controllers Configuration Example Troubleshooting Web Authentication on a Wireless LAN Controller (WLC) Cisco Wireless LAN Controller Configuration Guide, Release 7.0.116.0 Technical Support & Documentation Cisco Systems Contacts & Feedback Help Site Map 2014 2015 Cisco Systems, Inc. All rights reserved. Terms & Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems, Inc. Updated: Jul 27, 2011 Document ID: 113151

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback