![]() ![]()
The WLC responds back with a TCP SYN-ACK and the client sends back a TCP ACK to the WLC in order to complete the handshake. It sends a TCP SYN packet for 192.0.2.1 (which is our virtual IP here) to the WLC. Now the client wants to go to and so it tries to open a TCP connection with the virtual IP address of the WLC. The client closes the TCP connection with the IP address, for example This HTML makes the client go to the default webpage URL of the WLC, for example, The HTTP application gateway prepares a HTML body and sends it back as the reply to the HTTP GET requested by the client. ![]() The client sends an HTTP GET packet destined to The WLC intercepts this packet and sends it for redirection handling. The WLC has rules configured for the client and hence can act as a proxy for It sends back a TCP SYN-ACK packet to the client with source as the IP address of The client sends back a TCP ACK packet in order to complete the three-way TCP handshake and the TCP connection is fully established. It sends out a TCP SYN packet destined to the IP address of The client then tries to open a TCP connection with the destination IP address. WLC passes the DNS request to the DNS server and DNS server responds back with a DNS reply, which contains the IP address of the destination which in turn is forwarded to the wireless clients. The client sends out a DNS request for this URL to get the IP for the destination. You open the web browser and type in a URL, for example. This section explains the Web authentication redirection process in detail. Note: When you use an external web server for web authentication, WLC platforms need a pre-authentication ACL for the external web server. This process eventually brings up the login web page. When the client sends the first HTTP GET to TCP port 80, the controller redirects the client to (if this is the virtual IP that is configured) for processing. When web authentication is configured on the WLAN, the controller blocks all traffic (until the authentication process is completed) from the client, except for DHCP and DNS traffic. This lets the web browser know which IP address to send the HTTP GET. In order for the client's web browser to get this far, the client must first obtain an IP address, and do a translation of the URL to IP address (DNS resolution) for the web browser. Web authentication starts when the controller intercepts the first TCP HTTP (port 80) GET packet from the client. Web authentication is typically used by customers who want to deploy a guest-access network. Web authentication can be done either locally on a WLC or over a RADIUS server. It is a simple authentication method without the need for a supplicant or client utility. Web authentication is the only security policy that allows the client to get an IP address before authentication. Edit web portal bundle cisco wlc password#Web authentication is a Layer 3 security feature that causes the controller to not allow IP traffic, except DHCP-related packets/ Domain Name System (DNS)-related packets, from a particular client until that client has correctly supplied a valid username and password with an exception of traffic allowed through a pre-auth access control list (ACL). Edit web portal bundle cisco wlc series#This document can also be used with this hardware:Ĭisco Airespace 3500 Series WLAN ControllerĬisco Airespace 4000 Series Wireless LAN ControllerĬisco Flex 7500 Series Wireless Controllers If your network is live, make sure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on a WLC 5500 that runs firmware version 8.3.121. Edit web portal bundle cisco wlc how to#For information on how to configure web authentication on WLCs, refer to Wireless LAN Controller Web Authentication Configuration Example. Knowledge of how to configure Lightweight Access Point (LAP) and WLC for basic operation.īasic knowledge of web authentication and how to configure web authentication on WLCs. Knowledge of Control and Provisioning of Wireless Access Points (CAPWAP). Prerequisites RequirementsĬisco recommends that you have knowledge of these topics: This document provides tips in order to troubleshoot web authentication issues in a Wireless LAN Controller (WLC) environment. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |