Configuring a Cisco Wireless Controller to redirect to a URL instead of 1.1.1.1 for web page authentication

I don’t usually deal with Cisco wireless controllers aside from setting AAA / RADIUS authentication but I was recently asked to complete the process of requesting a certificate from a public Certificate Authority to secure the web page sign-in page presented by a Cisco WLC 5508 wireless controller. For more information about generating a CSR and completing the certificate process, see my previous post:

Generating SSL certificate with OpenSSL for Cisco Wireless Controller
https://blog.terenceluk.com/generating-ssl-certificate-with-openssl/

After completing the certificate process, I noticed that a certificate warning would still be presented when the user is redirected to the web logon page. That’s because the WLC redirects the user to the URL https://1.1.1.1 and we all know that we cannot issue a certificate with the name 1.1.1.1. The Cisco documentation also does not provide a clear way of handling this issue. With a bit of digging around in the WLC administration page, I was able to locate where to set the URL that will be used for redirecting traffic, and the configuration is located here:

Click on the Controller tab:

Click on Interfaces then on the virtual Interface Name:

The DNS Host Name field is where you would enter the URL used for redirecting traffic:

You can use a URL such as wlc.domain.com for the redirection:

With the URL out of the way, the last problem is how we can handle resolving the URL to the IP address 1.1.1.1 which presents the login page.  A bit of searching on Google brought me to the following post:

WebAuth: WLC Certificate 1.1.1.1 without DNS entry for virtual interface
https://supportforums.cisco.com/discussion/11145901/webauth-wlc-certificate-1111-without-dns-entry-virtual-interface

Basically, what’s suggested is to create a public DNS A record that maps wlc.domain.com to the IP address 1.1.1.1. From here, I went ahead and created the A record and was immediately able to get the URL to match the certificate as well as be properly redirected to the 1.1.1.1 IP address presenting the web page.
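
A pre-flight check for the two conditions the steps above depend on, namely that the redirect name is covered by the certificate and that it resolves only to the virtual interface address. This is an added example, not part of the original post; the function names and problem codes are hypothetical, and the sample certificate names and DNS answers are constructed (in practice they would come from the certificate's subjectAltName and a DNS lookup).

```python
import ipaddress

def is_ip_literal(host):
    """True when the redirect target is an IP address rather than a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def name_matches(cert_name, host):
    """Match a certificate DNS name against a host. A '*' is honoured only as
    the entire left-most label, and never directly above a single label."""
    c = cert_name.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(c) != len(h):
        return False
    if c[0] == "*":
        return len(c) > 2 and c[1:] == h[1:]
    return c == h

def check_redirect(redirect_host, cert_dns_names, a_records, virtual_ip):
    """Return a list of problem codes; an empty list means the redirect name
    is covered by the certificate and resolves only to the virtual interface."""
    if is_ip_literal(redirect_host):
        # A certificate issued for DNS names cannot validate an IP-literal URL,
        # which is the warning seen before the DNS Host Name field is set.
        return ["ip-literal"]
    problems = []
    if not any(name_matches(n, redirect_host) for n in cert_dns_names):
        problems.append("name-mismatch")
    if not a_records:
        problems.append("no-a-record")      # client cannot resolve the name
    elif set(a_records) != {virtual_ip}:
        problems.append("wrong-address")    # name points somewhere else too
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, using the names from the post.
    cert_names = ["wlc.domain.com"]
    print(check_redirect("1.1.1.1", cert_names, [], "1.1.1.1"))
    print(check_redirect("wlc.domain.com", cert_names, [], "1.1.1.1"))
    print(check_redirect("wlc.domain.com", cert_names, ["1.1.1.1"], "1.1.1.1"))
```
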

One Response

  1. "From here, I went ahead and created the A record and was immediately able to get the URL to match the certificate as well as properly getting redirected to the 1.1.1.1 IP address presenting the web page."
    — Could you please tell me where you created the A record… on the client's phone/laptop, on the Cisco WLC, or on your DNS server???

    How do you add the A record if you configure a public DNS server in the DHCP of your WLC?

    Thank you