Friday, June 5, 2015

Configuring a Cisco Wireless Controller to redirect to a URL instead of for web page authentication

I don’t usually deal with Cisco wireless controllers aside from setting AAA / RADIUS authentication but I was recently asked to complete the process of requesting a certificate from a public Certificate Authority to secure the web page sign-in page presented by a Cisco WLC 5508 wireless controller. For more information about generating a CSR and completing the certificate process, see my previous post:

Generating SSL certificate with OpenSSL for Cisco Wireless Controller

After completing the certificate process, I noticed that a certificate warning would still be presented when the user is redirected to the web logon page and that’s because the WLC redirects the user to the URL and we all know that we cannot issue a certificate with the name  The Cisco documentation found here: also does not provide a clear way of handling this issue.  With a bit of digging around in the WLC administration page, I was able to locate where to set the URL that will be used for redirecting traffic and the configuration is located here:

Click on the Controller tab:


Click on Interfaces then on the virtual Interface Name:


The DNS Host Name field is where you would enter the URL used for redirecting traffic:


You can use a URL such as for the redirection:


With the URL out of the way, the last problem is how we can handle resolving the URL to the IP address which presents the login page.  A bit of searching on Google brought me to the following post:

WebAuth: WLC Certificate without DNS entry for virtual interface

Basically what’s suggested is to create a public DNS A record that maps to the IP address  From here, I went ahead and created the A record and was immediately able to get the URL to match the certificate as well as properly getting redirected to the IP address presenting the web page.
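To make the two conditions above concrete (the redirect name must be covered by the certificate, and the name must resolve to the virtual interface address), here is an added check that is not part of the original post or of any Cisco tooling. The host name `wifi-login.example.com`, the address `192.0.2.1` and the certificate contents are constructed placeholders, and the certificate uses the dict layout that Python's `ssl.SSLSocket.getpeercert()` returns.

```python
import ipaddress

def name_matches(pattern, host):
    """Match a certificate dNSName against a host; '*' covers the left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]

def redirect_issues(redirect_host, cert, resolved_ips, virtual_ip):
    """List the reasons a client would get a warning or never reach the login page.

    redirect_host: what the controller puts in the redirect URL (IP or DNS Host Name)
    cert:          certificate in ssl.SSLSocket.getpeercert() dict layout
    resolved_ips:  addresses the client's DNS returned for redirect_host
    virtual_ip:    address of the controller's virtual interface
    """
    issues = []
    try:
        ipaddress.ip_address(redirect_host)
        is_ip = True          # no DNS Host Name set: redirect goes to the bare address
    except ValueError:
        is_ip = False
    sans = cert.get("subjectAltName", ())
    if is_ip:
        covered = any(k == "IP Address" and v == redirect_host for k, v in sans)
    else:
        covered = any(k == "DNS" and name_matches(v, redirect_host) for k, v in sans)
    if not covered:
        issues.append("certificate does not cover " + redirect_host)
    if not is_ip:
        if not resolved_ips:
            issues.append("no A record for " + redirect_host)
        elif virtual_ip not in resolved_ips:
            issues.append(redirect_host + " does not resolve to " + virtual_ip)
    return issues

# Constructed sample data (placeholders, not values from the post)
VIRTUAL_IP = "192.0.2.1"
CERT = {"subjectAltName": (("DNS", "wifi-login.example.com"),)}

if __name__ == "__main__":
    # Before: redirect to the bare address -> name mismatch warning
    print(redirect_issues(VIRTUAL_IP, CERT, [], VIRTUAL_IP))
    # DNS Host Name set, but no A record yet -> client cannot reach the page
    print(redirect_issues("wifi-login.example.com", CERT, [], VIRTUAL_IP))
    # DNS Host Name set and A record created -> no issues
    print(redirect_issues("wifi-login.example.com", CERT, [VIRTUAL_IP], VIRTUAL_IP))
```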
