11-01-2015 01:48 AM - edited 07-05-2021 04:09 AM
Hi All
Can anyone tell me what path DNS takes when using Web Authentication with Flex Connect Local Switching and Central Authentication?
Does the DNS traffic for the authentication go down the CAPWAP tunnel to the controller or does it break out locally?
Regards
Roger
11-01-2015 08:20 AM
Roger,
Authentication happens through the CAPWAP tunnel, as the controller does the authentication or sends the auth to a RADIUS server. Once the authentication happens, all traffic is either centrally switched or locally switched, depending on how you set up the WLAN for a FlexConnect AP.
-Scott
11-01-2015 11:23 AM
Hi Scott
Thanks for the reply.
I'm using locally switched with central authentication and central DHCP with a scope on the controller.
My understanding has always been that normally with web auth, the client associates, gets an IP address and then opens a browser. The client device then does a DNS lookup for the browser page, tries to go to that IP address, and then the controller intercepts and redirects the client to the login page.
My concern is the DNS element of this process. If this isn't switched locally then I would need to provide a path for the controller to be able to get to an external DNS server. Obviously I can't have the same subnet switched locally and also available on the controller.
Regards
Roger
11-04-2015 02:11 AM
Please check these links
http://www.cisco.com/c/en/us/support/docs/wireless/flex-7500-series-wireless-controllers/113605-ewa-flex-guide-00.html
https://supportforums.cisco.com/discussion/11897761/flexconnect-local-guest-wireless-w-web-auth