Web Authentication Proxy on a Wireless LAN Controller Configuration Example



Similar documents
Syslog Server Configuration on Wireless LAN Controllers (WLCs)

Microsoft Windows 2003 DNS Server for Wireless LAN Controller (WLC) Discovery Configuration Example

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

Table of Contents. Cisco Wi Fi Protected Access 2 (WPA 2) Configuration Example

Deployment Guide: Cisco Guest Access Using the Cisco Wireless LAN Controller

Deploying Cisco Basic Wireless LANs WDBWL v1.1; 3 days, Instructor-led

Configuration of Cisco Autonomous Access Point with 802.1x Authentication for Avaya 3631 Wireless Telephone

CCT vs. CCENT Skill Set Comparison

Initial Access and Basic IPv4 Internet Configuration

Unity Error Message: Your voic box is almost full

Wireless Network Configuration Guide

Configuring Cisco CallManager IP Phones to Work With IP Phone Agent

Web Authentication Application Note

Generate CSR for Third Party Certificates and Download Unchained Certificates to the WLC

From Release 8.0, IPv6 can also be used to configure the LDAP server on the controller.

Lab Organizing CCENT Objectives by OSI Layer

Configuring Avaya 1120E, 1140E, 1220 and 1230 IP Deskphones with Avaya IP Office Release 6.1 Issue 1.0

Vocera WLAN Requirements and Best Practices. B3000n Compatible

Installing Windows 95 Drivers and Utilities for the Cisco Aironet 340/350 Series Client Adapters

Ruckus Wireless ZoneDirector Command Line Interface

ACS 5.x and later: Integration with Microsoft Active Directory Configuration Example

How To - Implement Clientless Single Sign On Authentication with Active Directory

Vocera Infrastructure Planning Summary. B3000n Compatible

AP6511 First Time Configuration Procedure

Ethernet 241 Discovery Tool User Manual

Chapter 3 Management. Remote Management

Hands-on MESH Network Exercise Workbook

VPN 3000 Concentrator Bandwidth Management Configuration Example

Classroom Management network FAQ and troubleshooting

D-Link DAP-1360 Repeater Mode Configuration

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation

SAML 2.0 SSO Deployment with Okta

Using Templates. Information About Templates. Accessing the Controller Template Launch Pad CHAPTER

How To Connect Xbox 360 Game Consoles to the Router by Ethernet cable (RJ45)?

ASUS WL-5XX Series Wireless Router Internet Configuration. User s Guide

Chapter 1 Configuring Internet Connectivity

Enabling Multiple Wireless Networks on RV320 VPN Router, WAP321 Wireless-N Access Point, and Sx300 Series Switches

Chapter 4 Management. Viewing the Activity Log

Catalyst Layer 3 Switch for Wake On LAN Support Across VLANs Configuration Example

Wireless Local Area Networks (WLANs)

Lab Configuring Access Policies and DMZ Settings

Unity Express Voice Mail Transfer Behavior

Checking SQL Server or MSDE Version and Service Pack Level

Integrating a Hitachi IP5000 Wireless IP Phone

Wireless LAN Apple Bonjour Deployment Guide

STATIC IP SET UP GUIDE

estadium Project Lab 8: Wireless Mesh Network Setup with DD WRT

Managing Web Authentication

Configuring the Device for Access Point Discovery

ARUBA WIRELESS AND CLEARPASS 6 INTEGRATION GUIDE. Technical Note

Wireless LAN Controller (WLC) Design and Features FAQ

PIX/ASA: Allow Remote Desktop Protocol Connection through the Security Appliance Configuration Example

On-boarding and Provisioning with Cisco Identity Services Engine

Chapter 1 Configuring Basic Connectivity

UAG Series. Application Note. Unified Access Gateway. Version 4.00 Edition 1, 04/2014. Copyright 2014 ZyXEL Communications Corporation

UAG4100 Support Notes

Welch Allyn Acuity Network installation. Best practices

Features Description Benefit AP-7131N support Adaptive AP Support for the AP7131N-GR and AP7131N- GRN

Abstract. Avaya Solution & Interoperability Test Lab

User Manual Network Interface

FAQs: MATRIX NAVAN CNX200. Q: How to configure port triggering?

LevelOne WAP User s Manual. 108 Mbps Wireless Access Point

How to connect to the Middle Country Public Library Wireless Network (mcpl-ap) using Windows XP

IEEE A/G Access Point

CCNA Discovery Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Document ID: Contents. Introduction. Prerequisites. Requirements. Components Used. Related Products. Conventions. 802.

TMS Phone Books Troubleshoot Guide

UCS iscsi Boot Configuration Example

ASA 8.3 and Later: Enable FTP/TFTP Services Configuration Example

Network Load Balancing

PIX/ASA 7.x with Syslog Configuration Example

Quick Start Guide. WAP371 Wireless AC/N Dual Radio Access Point with Single Point Setup Quick Start Guide. Cisco Small Business

ISE TACACS+ Configuration Guide for Cisco NX-OS Based Network Devices. Secure Access How-to User Series

Configuration Manual English version

PT Activity: Configure Cisco Routers for Syslog, NTP, and SSH Operations

Historical Reporting Client (HRC) User Login Fails

Management Software. User s Guide AT-S84. For the AT-9000/24 Layer 2 Gigabit Ethernet Switch. Version Rev. B

CONNECTING THE RASPBERRY PI TO A NETWORK

DV230 Web Based Configuration Troubleshooting Guide

Configuring the Avaya B179 SIP Conference Phone with Avaya Aura Communication Manager and Avaya Aura Session Manager Issue 1.0

Quick Installation Guide Network Management Card

Mobility System Software Quick Start Guide

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

Table of Contents. Cisco How to Download a Software Image to a Cisco 2600 via TFTP Using the tftpdnld ROMmon Command

FortiGate RADIUS Single Sign-On (RSSO) with Windows Server 2008 Network Policy Server (NPS) VERSION 5.2.3

File Transfer Examples. Running commands on other computers and transferring files between computers

Configuring DNS on Cisco Routers

Massey University Wireless Network Client Configuration Windows 7

IP Phone Configuration and Troubleshooting Guide

How To - Implement Clientless Single Sign On Authentication in Single Active Directory Domain Controller Environment

Table of Contents. Cisco How to Download a Software Image to a Cisco 2600 through TFTP Using the tftpdnld ROMmon Command

Interlink Networks Secure.XS and Cisco Wireless Deployment Guide

How to Configure Captive Portal

CT5760 Controller and Catalyst 3850 Switch Configuration Example

Quick Installation Guide

1 DDW2600 (U10C037) Wireless Cable Modem: FAQ

User-ID Best Practices

ProCurve Networking. Troubleshooting WLAN Connectivity. Technical White paper

Transcription:

Web Authentication Proxy on a Wireless LAN Controller Configuration Example Document ID: 113151 Contents Introduction Prerequisites Requirements Components Used Conventions Web Authentication Proxy on a WLC Configure Web Authentication Proxy on a WLC Configurations Verify Related Information Introduction This document provides a configuration example for using the Web Authentication Proxy feature on a Wireless LAN Controller (WLC). Prerequisites Requirements Make sure that you meet these requirements before you attempt this configuration: Have knowledge of the configuration of Lightweight Access Points (LAPs) and Cisco WLCs. Have knowledge of Lightweight Access Point Protocol (LWAPP)/Control and Provisioning of Wireless Access Points (CAPWAP). Have knowledge of web authentication. Components Used The information in this document is based on these software and hardware versions: Cisco 4400 WLC that runs firmware release 7.0.116.0 Cisco 1130AG Series LAP Cisco 802.11a/b/g Wireless Client Adapter that runs firmware release 4.2 The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command. Conventions Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Web Authentication Proxy on a WLC This document assumes that the reader has prior knowledge of web authentication and those steps involved in configuring web authentication on Cisco WLCs. If you are a new user, read these documents which explain the web authentication process in detail: Wireless LAN Controller Web Authentication Configuration Example External Web Authentication with Wireless LAN Controllers Configuration Example Troubleshooting Web Authentication on a Wireless LAN Controller (WLC) The Web Authentication Proxy feature was introduced with WLC version 7.0.116.0. A web browser has three types of Internet settings that can be configured by the user: Auto Detect System Proxy Manual This feature enables clients that have manual web proxy enabled in the browser to facilitate web authentication with the controller. In a network configured for web authentication, if the client is configured for manual proxy settings, the controller does not listen to such proxy ports and hence the client would not be able to establish a TCP connection with the controller. In effect, the user is unable to get to any log in page to authentication and get access to the network. When the client requests any URL with the Web Authentication Proxy feature enabled, the controller responds with a webpage prompting the user to change the Internet proxy settings to automatically detect the proxy settings. This process prevents the browser's manual proxy settings from getting lost. After configuring this feature, the user can get access to the network through the web authentication policy. By default, this functionality is provided for ports 80, 8080, and 3128 because these are the most commonly used ports for the web proxy server. Configure Web Authentication Proxy on a WLC In this section, you are presented with the information to configure the features described in this document. Configurations Complete these steps in order to configure Web Authentication Proxy using the controller GUI: 1. From the controller GUI, choose Controller > General. 2. In order to enable WebAuth Proxy, choose Enabled from the WebAuth Proxy Redirection Mode drop down list.

3. In the WebAuth Proxy Redirection Port text box, enter the port number of the web authentication proxy. This text box consists of the port numbers on which the controller listens for web authentication proxy redirection. By default, the three ports 80, 8080, and 3128 are assumed. If you configured the web authentication redirection port to any port other than these values, you must specify that value. 4. Click Apply. In order to configure WebAuth Proxy from the CLI, issue this command: config network web auth proxy redirect {enable disable}

Set the web authentication port number using the config network web auth port <port number> command. Once the WLC is configured, save the configuration and reboot the controller in order for the configuration to take effect. Verify To see the current status of the web authentication proxy configuration, issue either the show network summary or show running config command. (Cisco Controller) >show network summary RF Network Name... WLAN LAB Web Mode... Disable Secure Web Mode... Enable Secure Web Mode Cipher Option High... Disable Secure Web Mode Cipher Option SSLv2... Enable Secure Shell (ssh)... Enable Telnet... Enable Ethernet Multicast Forwarding... Disable Ethernet Broadcast Forwarding... Disable AP Multicast/Broadcast Mode... Unicast IGMP snooping... Disabled IGMP timeout... 60 seconds IGMP Query Interval... 20 seconds User Idle Timeout... 300 seconds ARP Idle Timeout... 300 seconds Cisco AP Default Master... Disable AP Join Priority... Disable Mgmt Via Wireless Interface... Disable Mgmt Via Dynamic Interface... Disable Bridge MAC filter Config... Enable Bridge Security Mode... EAP More or (q)uit Mesh Full Sector DFS... Enable Apple Talk... Disable AP Fallback... Enable Web Auth Redirect Ports... 80 Web Auth Proxy Redirect... Enable Fast SSID Change... Disabled 802.3 Bridging... Disable IP/MAC Addr Binding Check... Enabled Now, let's connect a Wireless Client to the Guest SSID that we have configured for web authentication.

Assuming you have an internal DHCP server, the client connects to the WLAN Guest1 and acquires an IP address. When the client tries to access a URL (for example, www.cisco.com), since manual proxy is enabled on the client browser, the controller using the web authentication proxy feature responds with a webpage prompting the user to change the Internet proxy settings to automatically detect the proxy settings. At this point, the client is aware that the manual proxy settings need to be disabled. Here, you can see how to disable the manual proxy settings on Firefox version 3.6. 1. From the Firefox browser, select Tools > Options, and then select Advanced. 2. Click the Network tab, and then select Settings.

3. In the Connection Settings window, select Auto detect proxy settings for this network.

Once this is completed, refresh the browser and try accessing the URL again. This time, you will be redirected to the Web Authentication page. The client can provide you with credentials and you can log in to the guest network. Related Information Wireless LAN Controller Web Authentication Configuration Example External Web Authentication with Wireless LAN Controllers Configuration Example Troubleshooting Web Authentication on a Wireless LAN Controller (WLC) Cisco Wireless LAN Controller Configuration Guide, Release 7.0.116.0 Technical Support & Documentation Cisco Systems Contacts & Feedback Help Site Map 2012 2013 Cisco Systems, Inc. All rights reserved. Terms & Conditions Privacy Statement Cookie Policy Trademarks of Cisco Systems, Inc. Updated: Jul 27, 2011 Document ID: 113151

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information