Re: Guest Network Allowed Ports

dan.letkeman · ‎01-07-2011

Hello,

We have an issue where people on our guest wifi network are not allowed to access websites with non standard ports.

eg. http://www.mycompany.com:81/

They just get a 404 error in there browser.

Is there a place on the WLC that you can allow certain ports to work through the guest network?

Thanks,
Dan.

weterry · ‎01-07-2011

Can you give a little more information?

Are you suggesting that an authenticated guest user can only browse port 80?

Or are you saying that an unauthenticated guest user is not being redirected to webauth page, because they are doing port 81 instead (which in turn means they never can get to the internet)?

If that latter is true, then I believe this is where "config network web-auth-port " comes in to play. If you added port 81 as a web-auth-port, then the WLC would be listening to port 81 as well, and should then redirect the user to web-auth.

dan.letkeman · ‎01-07-2011

""Are you suggesting that an authenticated guest user can only browse port 80?""

Yes. It seems as if the users are only allowed to browse websites that are on port 80/443.

There are no issues with authentication or browsing otherwise.

Thanks

Dan.

weterry · ‎01-07-2011

Then unless you have an ACL in place on the WLC itself, nothing comes to mind that would be preventing this on the AP/WLC side. In otherwords, there is no feature that needs to be configured to allow certain ports. By default, a wireless guest user should be able to pass the same kind of traffic through the WLC as any other user. Its access is typically defined/limited by the network infrastructure, not the WLC.

Perhaps something upstream from the guest client is blocking it?

Are you fairly confident it is the WLC/AP itself blocking this traffic? If so, then I'd look at a packet capture of the WLC port to prove the the Port 81 traffic is being sent from the AP to the WLC, and the whether or not the WLC is sending it to the DS...