Internal Web Authentication with Cisco WLC

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

this video explains how to configure internal web authentication using Cisco wireless controller or Cisco WLC to configure internal web authentication the following components are required a Cisco wireless controller a lightweight access point a vileness adapter a switch to connect the Cisco wireless controller to the lightweight access point and access to a reducer in a lab server as required this is the network setup for internal web authentication using the local database of Cisco wireless controller you can also connect a radius or an LDAP server and use the databases for authentication before configuring internal web authentication using Cisco wireless controller ensure that you have the following a Cisco wireless controller configured for basic operation a dhcp server a dns server internet access lightweight access points registered with cisco WLC a virtual interface configured with the non-routable IP address and a W lab client with an HTML browser with JavaScript enabled in order to verify whether a virtual interface is configured do the following in the cisco WLC web UI top menu click the controller tab in the left navigation pane click interfaces in the interfaces page ensure that an interface named virtual exists and is configured with a non-routable IP address click the interface named virtual in the interfaces edit page verify whether a value has been configured for the DNS host name field this is to ensure that the same DNS hostname value is configured on DNS servers used by clients this video configures the displayed values on Cisco WLC note that the values shown here are for representational purposes only we now move on to the actual configuration of internal web authentication to configure internal web authentication do the following create a VLAN interface configure Cisco WLC for internal authentication configure adapt you'll an instance associate it with a VLAN interface and configure security policies configure database for authentication configure a WLAN client for web authentication connect a WLAN client to the network and verify the configuration and monitor your WLAN clients on Cisco WLC this video shows you how to create a VLAN interface enter Cisco WLC web UI top menu click the controller tab in the left navigation pane click interfaces in the interfaces page click new in the upper right corner in the interfaces new page enter values in the interface name and VLAN ID fields click apply in the interfaces edit page configure the values for the VLAN interface which includes an IP address for the VLAN interface a net mask a gateway address the port number that the VLAN interface should map to depending on the connections of the device and address of the networks DHCP server retain the default values for all other parameters click apply this completes the creation of a VLAN interface you this video shows you how to configure Cisco WLC for internal authentication note that the default web authentication type is internal and this is for WLC web UI top menu click the security tab in the left navigation pane click web auth and then web login page in the web login page choose internal from the web authentication type drop-down list in the redirect URL after login field enter the URL of the page to which end-users should be redirected after successful authentication in the web login page click preview in the top right corner to view the default page close the preview page to return to the cisco WLC web UI you can also configure your own headline and message to modify the headline enter the desired text in the headline field you can enter up to 127 characters to modify the message enter the desired text in the message field you can enter up to 2,000 47 characters click apply this completes the configuration of Cisco WLC for internal authentication this video shows you how to add a WLAN instance in the Cisco WLC web UI top menu click the W LANs tab in the W LANs window choose create new from the drop-down list on the top right corner click go in the W LANs new window that is displayed choose W LAN from the type drop-down list in the profile name field enter name for the W Lang in the SSID field enter a WLAN SSID click apply in the W lines edit window that is displayed enable the W Lang by checking the status check box from the interface interface group drop-down list choose the VLAN interface that you created previously using the video demonstrating the creation of VLAN interface retain the default values for all other parameters in this page click the security tab click the layer 2 tab choose none from the layer 2 security drop-down list retain the default values for all the other parameters in this page click the layer 3 tab choose web policy from the layer 3 security drop-down list click the authentication radio button click apply click back in the W LANs window that is displayed refer to the security policies column and ensure that the web auth is enabled for the WLAN this completes the configuration of WLAN instance on Cisco WLC let us now look at how to configure a database for authentication there are three databases that you can use to authenticate users on Cisco WLC click the option of your choice you this video shows you how to configure Cisco WLC for local database authentication you can configure guest users on Cisco WLC who are in turn added to the local database of Cisco WLC in the Cisco WLC Webley white top menu click the security tab in the left navigation pane click local net users in the local net users window click new in the top right corner in the local net users new window that is displayed enter values in the username and password fields from the WLAN profile drop-down list choose the WLAN profile configured earlier in the description field add a text describing this user click apply repeat these steps to add multiple users to the database this completes the configuration of the local database with one or more guest users on Cisco WLC this video shows you how to configure Cisco WLC to authenticate users from a radius database step 1 configure the radius server information on Cisco WLC in the Cisco WLC web UI top menu click the security tab in the left navigation pane click radius and then authentication to display a list of configured radius servers in the radius authentication servers window that is displayed click new at the top right corner in the radius authentication servers new window enter the radius server IP address in the shared secret field enter the secret key configured on the radius server for the Cisco WLC retain the port number at the default value choose enabled from the server status drop-down list select the enable checkbox for the network user field retain the default values for all the other parameters click apply step to configure the WLAN with the radius server in the Cisco WLC web UI top menu click the W LANs tab to display the list of configured w LANs in the W LANs window click the WLAN ID of the WLAN you configured earlier in the W LANs edit window that is displayed click the security tab and then the AEA servers tab in the radius servers area choose the configured radius server from the authentic servers drop-down list retain the default values for all the other parameters click apply Cisco WLC is now configured to authenticate users reduce database you this video shows you how to configure Cisco WLC to authenticate users from an LDAP database step 1 configure the LDAP server information on Cisco WLC in the Cisco WLC web UI top menu click the security tab in the left navigation pane click LDAP to open the list of configured LDAP servers in the LDAP servers window that is displayed click new in the top right corner in the LDAP servers new window choose a priority from the server index drop-down list this specifies the priority for the LDAP server in relation to other configured LDAP servers if any you can configure up to 17 servers if Cisco WLC cannot reach the first server it tries the second one from the list and so on in the server IP address field enter the IP address of the LDAP server in the port number field enter the LDAP servers TCP port number the default value is 3 8 9 choose enabled from the enable server status drop-down list from the simple bind drop-down list choose anonymous or authenticated to specify the local authentication bind method for the LDAP server the anonymous option allows anonymous access to the LDAP server the authenticated option requires the username and password for secure access the default value is anonymous if you choose authenticated the bind username and bind password fields are displayed enter values in these feels for local authentication to the LDAP server in this example we have chosen anonymous in the user base DN field enter the distinguished name of the subtree of the LDAP server that contains a list of all users in the user attribute field enter the name of the attribute in the user record that contains the user name you can obtain this attribute from your directory server in the user object type field enter the value of the LDAP object type attribute that identifies the record as a user record often user records at several values for the object type attribute some of which are unique to a user and some of which are shared with other object types in the server timeout field enter the number of seconds between retransmissions choose the security mode from the secure mode drop-down list click apply step to configure WLAN with the LDAP server in the Cisco WLC web UI top menu click the WLAN stab in the W LANs window click the WLAN ID of the WLAN you configured earlier in the W LANs edit window click the security tab click the AEA servers tab in the radius servers area uncheck the enable check boxes and authentication servers and accounting servers in the authentication priority order for web or user area in the order used for authentication list click LDAP and then the up button to move LDAP about radius LDAP server authentication will now have a higher priority over radius server authentication click apply Cisco WLC is now configured to authenticate users from an LDAP database this video shows you how to configure WLAN client for web authentication log into a client machine that is in proximity to an access point configured for Cisco WLC from the Windows Start menu choose control panel network and Internet view Network Status and tasks in the network and sharing center window that is displayed click manage wireless networks in the left navigation pane in the manage wireless networks window click Add click manually create a network profile in the network name field enter the WLAN SSID name from the security type drop-down list choose no authentication or open click Next click close you you this video shows you how to connect a WLAN client to a network configured on Cisco WLC login to a client machine that is in proximity to an access point configured for Cisco WLC connect to the network configured using Cisco WLC open a browser window and access the Internet you will be directed to the web authentication page in the login window that is displayed enter the username and password of a user configured on Cisco WLC authentication database if your login is successful you will see two browser windows the larger window indicates successful login you can use this window to browse the Internet use the smaller window to log out at the end of the session let us now see how to monitor your WLAN clients on Cisco WLC in the Cisco WLC web UI top menu click the monitor tab in the left navigation pane click clients in the clients window that is displayed you can see the clients and details such as the IP address assigned to each client by the DHCP click the client MAC address of your choice to monitor the details of a specific client for instance the Policy Manager state field identifies the state of the client connection you you

Info

Channel: Cisco Community

Views: 64,414

Rating: 4.8114476 out of 5

Keywords: Wireless LAN Controller, Computer Network (Industry), WLC

Id: I7nNYamB2NY

Channel Id: undefined

Length: 26min 58sec (1618 seconds)

Published: Thu Dec 03 2015