Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1550
Views
0
Helpful
5
Replies

can sign in to guest but cannot go to internet

atifali.zaidi1
Level 1
Level 1

‎09-20-2021 10:17 AM

aires os wlc as foreign running - 8.10.142.0 

 

9800 anchor wlc running 17.3.3

 client connects on an ap on the foreign wlc , gets an ip.address from the dhcp scope , gets redirected toward ISE login page.  client signs in and gets the login successful message.  on the foreign wlc , client state is "run" and says export- foreign . but even though the client login is successful, the 9800 state says "webauth pending".  the 9800 anchor wlc contains the dhcp scope for guest clients . also the internet breakout is at the 9800 anchor location.

 

upon checking client configuration , user gets a valid IP, dns which is 8.8.8.8

dns resolve works but user cannot open any website.

 

what can i do ?

Labels:
0 Helpful
5 Replies 5

atifali.zaidi1
Level 1
Level 1

‎09-20-2021 10:24 AM

the redirect acl is already applied to guest policy profile on the 9800 controller.  the same acl is applied on the foreign wlc but of course the 9800 has a punt acl with denh statements , and the aireos wlc has acl with permit statements .  another site with a different foreign wlc tunneling to the same 9800 wlc works fine . so not sure what is the issue here .

0 Helpful

Arshad Safrulla
VIP Alumni
VIP Alumni

‎09-20-2021 01:03 PM - edited ‎09-20-2021 01:04 PM

Is COA is being received by WLC? Can you post a RA Trace for the client?

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
0 Helpful

atifali.zaidi1
Level 1
Level 1
In response to Arshad Safrulla

‎09-20-2021 10:27 PM

COA is enabled on both the foreign and anchor controllers, i will paste the debug from aireos and 9800 

0 Helpful

LC.IT
Level 1
Level 1

‎09-21-2021 05:35 PM

Cisco recommends use of version 8.10.151.0 to IRCM environment. Try to upgrade you AireOS WLC.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller-aireos_ircm_dg.html

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card