User was using WLC 5500 controller and once the end clients get the DHCP address but the page is not redirecting them to the guest portal.
What is the best way to check as to why the redirection is failing?
That usually points to dns. Is the home page an https, if so, the user will not get redirected. The WLC intercepts the home page when the users opens up a browser and then verifies that dns can resolve the home page. If so, the WLC pushes the WebAuth page to the user. If not, the WLC dies nothing. If your using a 3rd part certificate to get rid of the certificate error, you need to make sure the fqdn can be resolved by the dns the clients are going to use.
Dns should resolve the initial url request then wlc hacks that packet and replace it with 188.8.131.52 instead of the resolved address to show the splash page to user, either u can use the public dns or insider dns that resolves the initial url request.
once client connected to webauth wlan and got an ip, manually type https://184.108.40.206/login.html, does it shows the cert warning and splash page after that, if not try with diff device, could be a browser issue. if it brings the page then like scott mentioned check the dns works thru nslookup.
The main thing if the webauth page does not appear is due to the clients homepage being https not http or dns issues. If you remove the webauth and associate to the ssid, can you access the internet? This will prove that dns is working okay from the guest users.
User followed the below mentioned steps and resolved the issue:
Under Interfaces, virtual interface for 220.127.116.11
Navigate to the Controller > Interfaces menu from the WLC GUI in order to assign a DNS hostname to the virtual interface. Removed the entry for DNS Host Name and set it to blank.
Tested and the redirect seems to work fine.
Web Authentication Redirection Process
Clients Redirected to External Web Authentication Server Receive a Certificate Warning
Problem: When clients are redirected to Cisco's external web authentication server, they receive a certificate warning. There is a valid certificate on the server, and if you connect to the external web authentication server directly the certificate warning is not received. Is this because the virtual IP address (18.104.22.168) of the WLC is presented to the client instead of the actual IP address of the external web authentication server that is associated with the certificate?
Yes. Whether or not you perform local or external web authentication, you still hit the internal web server on the controller. When you redirect to an external web server, you still receive the certificate warning from the controller unless you have a valid certificate on the controller itself. If the redirect is sent to https, you receive the certificate warning from the controller and from the external web server, unless both have a valid certificate.
In order to get rid of the certificate warnings all together, you need to have a root level certificate issued and downloaded onto your controller. The certificate is issued for a host name and you put that host name in the DNS host name box under the virtual interface on the controller. You also need to add the host name to your local DNS server and point it to the virtual IP address (22.214.171.124) of the WLC.
Error: "page cannot be displayed"
Problem: After the controller is upgraded to 126.96.36.199, the "page cannot be displayed " error message appears when you use a downloaded web page for web authentication. This worked well prior to the upgrade. The default internal web page loads without any problem .
From the WLC version 4.2 and later a new feature is introduced wherein you can have multiple customized login pages for Web authentication.
In order to have the web page load properly, it is not sufficient to set the web-authentication type as customized globally in the Security > Web Auth > Web login page. It must also be configured on a particular WLAN . In order to do this, complete these steps:
Log into the GUI of the WLC.
Click on the WLANs tab, and access the profile of the WLAN configured for Web-authentication.
On the WLAN > Edit page, click the Security tab. Then, choose Layer 3.
On this page, choose None as the Layer 3 Security.
Check the Web Policy box, and choose the Authentication option.
Check the Over-ride Global Config Enable box, choose Customized (Downloaded) as the Web Auth Type, and select the desired login page from the Login Pagepull down menu. Click Apply.
Hello, Anyone can explain the picture of AP signal. The picture shows signals strength in different angles so that we can know how strong the signal is at different angle. Do you think the picture show signal strength at some distance away from the AP? Fo...
We currently have a Cisco WLC 4402 with approximately 50 Aironet 1142 APs . When we we provision an AP both our guest and secure wlans are automatically setup on the APs. Is there a way or configuration where we could have certain APs "not" have the secur...
Hello, I'm using network environment based on AIR-AP3802I-E-K9 with WLC 5529 188.8.131.52. Could someone please tell me why some client devices which are using 2.4Ghz associating with AP only based on 802.11g?I've in NIC requirements tha...
i have tried to search everywhere without been able to get a real answer, does the vWLC (Cisco Virtual Wireless Controller) support the 802.11ac Radio Module installed on the 3600 and 3700 Cisco AP´s ?i can see the M module mentioned on the compatibi...
Hi,We have Catalyst 9800-40 WLC , and we are facing the issue "Two Access Points with same name are not able to join controller "I tried to add new access points . Initially APs joined controller and their MAC ID was shown in Access point list. ...