User guide
7-26
Cisco WLAN Controller Web Interface User Guide
OL-7416-04
Chapter 7 Management Menu Bar Selection
Web Login Page
External Web Authentication
The following steps describe how external web authentication works.
How External Web Authentication Works
Step 1 When you open a web browser with a URL say www.yahoo.com, it is verified for authentication. If it is
not authenticated, the controller forwards the request to the controller web server to collect
authentication details.
Step 2 The controller web server then re-directs the user to the external web server URL. The external web
server leads the user to a login page. At this point, the user is also allowed to access the ‘Walled Garden
Sites’ (Walled Garden sites are a group of websites that users can browse before they are authenticated
on to your wireless network).
Note For a Cisco 2000 Series Wireless LAN Controller, you MUST configure a pre-authentication ACL on
the WLAN for the external web server. This ACL should then be set as WLAN pre-authentication ACL
under Web Policy. However, you do not need to configure any pre-authentication ACL for Cisco 4100
Series Wireless LAN Controllers and Cisco 4400 Series Wireless LAN Controllers.
Step 3 The login request is sent back to the action URL of the controller web server. The controller web server
submits the username and password for authentication.
Step 4 The controller application initiates the RADIUS server request and authenticates the user.
Step 5 If successful, the controller web connects the client and the controller web server forwards the user to
the configured re-direct URL or to the initially requested URL (www.yahoo.com).
Step 6 If user authentication fails, the controller web server re-directs the user to the URL of the user login
page.
Cisco Support for External Web Authentication
• External Web Authentication login URL: The controller allows you to configure the login URL by
making use of a flag to turn on the External Web Authentication mode. If this is configured, the user
will be re-directed to the customized login page instead of Cisco’s default Web Authentication page.
• CLI commands for External Web Authentication: The following commands are available for
configuring external web authentication:
custom-web ext-webauth-url <url>
custom-web ext-webauth-mode enable
• Provide AP MAC address: The controller web server appends the MAC address of the AP with
which the user is associated to the external webauth URL.
• Provide the connect back URL: The external webauth URL is appended with the controller web
server URL that can be used by you to connect back and forward the user credentials.