certificate signed by a 3rd party CA. The cable plugs in to port 2 on the WLC and goes out to the Internet using a dedicated port on the CPE on VLAN 11. This port is 192.168.111.1 and interface uses 192.168.111.2. DHCP should Hand out 192.168.111.20-200. Clients should be isolated from each other and should not be able to access lan subnets outside of the 192.168.111.0/24 range. The problem I have been running into is that the SSL name (I’ll say contosowireless.contoso.com) fails DNS queries. We did a packet capture and found that the dns server was not responding to queries. My theory is that the dns Server is on the LAN and packets are not passing through prior to the webauth completing. I’ve been working with support and they have me defining VLANS and routes and in 6 different pieces of equipment. There has to be a simpler way to configure this- any suggestions?
Solved! Go to Solution.
Allow DNS in your pre-auth ACL
Thanks for the advice! Tried this and now I can connect... but it skips the web auth login page... my WLC is properly handing out the 192.168.111.0/24 addresses to the clients that connect to the SSID, and I have Internet access from the SSID. I’ve uploaded my preauth acl which should only allow DNS to and from the server at 192.168.3.2. Any idea what I need to change?