Web authentication differs from other methods of authentication as it presents the user with content to read and interact with before giving full access to the network.
It can prompt for user credentials, display information about the enterprises network they are connecting too, or terms and conditions on the networks purpose and use.
The user must open a web browser to view and interact with this content.
WebAuth authentication can be used as a layer on top of Open Authentication, PSK based authentication or EAP based authentication
WebAuth can be handled locally on the WLC for smaller environments through Local Web Authentication (LWA). Local Web Authentication can be used in a number of different modes:
- LWA with an internal database
- LWA with an external database on a RADIUS server or LDAP
- LWA with an external redirect after authentication
- LWA with an external splash page redirect via an internal database on WLC
- LWA with passthrough but requires user acknowledgement
When there many controllers involved that provide the web authentication, it makes sense to use a centralised database solution such as a RADIUS Server like ISE so reduce administration overhead.
The web authentication page can be moved onto a centralised server too, known as central web authentication.
Configuration of Web Auth
To active WebAuth for a network, on the Security -> Layer 3 tab select the Security Type of Web Policy.
The local web server can be configured to display content at Security -> Web Auth -> Web Login Page