When you are authenticated, you gain access to all of the network resources and are redirected to the originally requested URL by default (unless a forced redirect was configured on the WLC). The page was moved to the external web server used by the WLC. With an external WebAuth, the WLC replies with an HTTP response that includes your website IP address and states that the page has moved. The WLC intercepts that request and returns the webauth login page, which mimics the website IP address. The client then sends its HTTP request to the IP address of the website. The client resolves the URL through the DNS protocol. You must receive a DHCP IP address with the address of the DNS server in the options. With web authentication enabled, you are kept in WEBAUTH_REQD where you cannot access any network resource. After that, you are associated, but not in the WLC RUN state. The 802.11 authentication process is open, so you can authenticate and associate without any problems. There is not an all-in-one service set identifier (SSID) for dot1x for employees or web portal for guests. It is intended for the addition of a web portal for employees (who use 802.1x), not guests. WebAuth cannot be configured with 802.1x/RADIUS (Remote Authentication Dial-In User Service) until the WLC Software Release 7.4 is installed and configured simultaneously.Ĭlients must go through both dot1x and web authentication. WebAuth is an authentication method without encryption. It can be combined with any pre-shared key (PSK) security (Layer 2 security policy).Īlthough the combination of WebAuth and PSK reduces the user-friendly portion, it has the advantage to encrypt client traffic. It allows for user-friendly security that works on any station that runs a browser. Web authentication (WebAuth) is Layer 3 security. Web Authentication Inner Processes Web Authentication Position as a Security Feature If your network is live, ensure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on all WLC hardware models. Prerequisites RequirementsĬisco recommends that you have basic knowledge of WLC configuration. This document describes the processes for Web Authentication on Wireless LAN Controllers (WLC).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |