I believe the current way of doing the captive portal will not work with
HTTPS. Basically, the WLC allows the 3-way TCP handshake to complete and
then intercepts the HTTP GET from the client, redirecting the client to
your local webserver for login (or accept TOS, etc.). With HTTPS, that HTTP
GET is encrypted, so the WLC never sees it, hence cannot respond on
behalf of the "real" destination webserver.

Mike Albano



On Fri, Feb 14, 2014 at 3:00 PM, Curtis K. Larsen
<[email protected]> wrote:

> Hello,
>
> I have a Cisco WiSM2 with a WLAN configured to use MAC-Auth, and
> RADIUS-NAC with a Pre-Auth ACL that only allows clients to re-direct to an
> external captive portal server.  I am seeing that regular http requests get
> re-directed fine, but https requests never get sent from the controller to
> the external captive portal server.
>
> I have opened a TAC case and I am waiting for a response but in the
> meantime I came across this bug CSCar04580 which indicates that the WLC
> does not re-direct for https, but http only.  It says it is resolved on 8.0
> code.  This means anyone with a home page set to an https address may think
> the page is not working.
>
> I have not tried this specific test with Cisco ISE, but it seems to me the
> same problem would be present as it also uses the RADIUS-NAC and Pre-Auth
> ACL methods.  Has anyone else encountered this and found a work-around?
>  Let me know.
>
>
> Thanks,
>
> Curtis Larsen
> University of Utah
> Wireless Network Engineer
>
>
>
> **********
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
>
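The interception described in the reply above, sketched as an added example that is not part of the original thread and is not Cisco's code: an HTTP-only interceptor can read a cleartext request and answer it with a 302, but a TLS ClientHello gives it no request to answer. The portal URL, the `redirect` parameter name and both sample payloads are constructed assumptions.

```python
from urllib.parse import quote

PORTAL_URL = "http://portal.example.edu/login"  # hypothetical external portal
HTTP_METHODS = {b"GET", b"HEAD", b"POST"}

# Constructed first payloads a client might send once the TCP handshake completes.
HTTP_SAMPLE = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TLS_SAMPLE = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + bytes(32)


def classify_first_payload(data: bytes) -> str:
    """Return 'http', 'tls' or 'other' for the first bytes after the handshake."""
    # TLS record: content type 0x16 (handshake), major version 0x03, then a
    # handshake message whose type byte 0x01 marks a ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/1."):
        return "http"
    return "other"


def intercept(data: bytes):
    """Return (kind, response); response is None when no redirect can be sent."""
    kind = classify_first_payload(data)
    if kind != "http":
        return kind, None  # the request is encrypted or not HTTP at all
    lines = data.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    path = lines[0].split(" ")[1]
    host = ""
    for header in lines[1:]:
        name, _, value = header.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    if not host:
        return kind, None
    # Percent-encode the original URL so it cannot alter the Location header.
    original = quote("http://" + host + path, safe="")
    response = (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {PORTAL_URL}?redirect={original}\r\n"
        "Content-Length: 0\r\nConnection: close\r\n\r\n"
    ).encode("ascii")
    return kind, response


if __name__ == "__main__":
    for label, sample in (("http", HTTP_SAMPLE), ("https", TLS_SAMPLE)):
        print(label, intercept(sample))
```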
