Hi Scott

Roger Alderman · ‎11-01-2015

Hi All

Can anyone tell me what path DNS takes when using Web Authentication with Flex Connect Local Switching and Central Authentication?

Does the DNS traffic for the authentication go down the CAPWAP tunnel to the controller or does it break out locally?

Regards

Roger

Scott Fella · ‎11-01-2015

Rodger,

Authententication happens through the CAPWAP tunnel as the controller does the authentication or send the auth to a radius sever. Once the authentication happens, then all traffic is either centrally switched or locally switched depending on how you setup the WLAN for a FlexConnect AP.

-Scott

-Scott
*** Please rate helpful posts ***

Roger Alderman · ‎11-01-2015

Hi Scott

Thanks for the reply.

I'm using locally switched with central authentication and central DHCP with a scope on the controller.

My understanding has always been that normally with web auth, the client associates, gets an IP address and then opens a browser. The client device then does a DNS lookup for the browser page, tries to go to that IP address, and then the controller intercepts and redirects the client to the login page.

My concern is the DNS element of this process. If this isn't switched locally then I would need to provide a path for the controller to be able to get to an external DNS server. Obviously I can't have the same subnet switched locally and also available on the controller.

Regards

Roger

Prakash Parvathala · ‎11-04-2015

Please check this links

http://www.cisco.com/c/en/us/support/docs/wireless/flex-7500-series-wireless-controllers/113605-ewa-flex-guide-00.html

https://supportforums.cisco.com/discussion/11897761/flexconnect-local-guest-wireless-w-web-auth

Flex Connect Web Authentication