Security

Reply
Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Cisco WLC

[ Edited ]
Anyone doing mac-auth with an open SSID on a CiSCO WLC with a captive portal on Mac failure. We have a Cisco WLC.

We can get mac-auth working and authentication with the local web auth service but when we combine both so we have mac filter with a web policy on Mac failure. It doesn't work well on iOS devices. Windows pcs work okay but iPads and iPhones are not user friendly.

All works well on aruba controller.

Thanks
Aruba Employee
Posts: 148
Registered: ‎11-25-2009

Re: Cisco WLC

IOS devices behave differently for the captive portal authentication after you upgrade to IOS 6.0.  they will try communicating to apple.com and will expect a message "success" over html. 

 

MY 2 cents :)

 

But if its something thats not working in Cisco WLC, i recomend to contact CISCO tac. 

 

Vinod Kumaar AVM ACMX, ACDX
Principal Network Engineer
Customer Advocacy | Aruba Networks Inc.

Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Frequent Contributor I
Posts: 63
Registered: ‎05-21-2012

Re: Cisco WLC

[ Edited ]

I sent you a PM but thought I'd post here for others as well.

 

vkumaar is correct, they try to do a lookup on www.apple.com, but I'm blocking Web Traffic to anything except my CP-Guest Server, so I believe its simply a DNS lookup and ICMP response to the clients.  You can do a couple things, you can add an IP Address for Apple's Website into your Pre-Authentication ACL, or, My suggestion, would be to add the following lines to the same ACL:

 

Policy.jpg

 

Doing this took care of all my Captive Portal Apple issues. 

I know, with the old Amigopod, you could add a "/landing.php?/" to the front of your registration page link, and it would Bypass the Apple portion of the captive portal.  I have not tried it lately so I do not know if that is still being used with the newer versions of Clearpass Guest.  When I move to Clearpass 6.2 in the coming months, I might look at it again.  Any developers know for sure if this still is the case with CP 6.2 and up?

Search Airheads
Showing results for 
Search instead for 
Did you mean: