07-08-2013 05:42 AM - edited 07-04-2021 12:22 AM
Controller is vWLC 7.4, AP is 2600. Browser gets successfully redirected to 1.1.1.1, so DNS appears to work. However 1.1.1.1 does not respond. Wireshark in the client shows SYN frames but no response. I tried various debugs but nothing is shown on the WLC when the client attempts to reach the login page. 1.1.1.1 is not used in the local network and ends up at the default route. WLAN operates in central mode.
The browser works when web auth is disabled, but when enabled in either "authentication" or "passthrough" mode any attempts gets redirected to 1.1.1.1 and times out at that point. Telnet to 1.1.1.1:443 failed also.
Same on two different clients using different OS versions.
07-08-2013 06:49 AM
You use local or external page?
If local, you use default or customized page?
Rating useful replies is more useful than saying "Thank you"
07-08-2013 06:52 AM
Plain default internal, without modification.
07-08-2013 07:46 AM
Connect a laptop to the vlan you are testing webauth or passthrough on.... if that machine can get an ip address and browser the internet, then everything on the wired side is fine and you need to look at maybe the configuration on the WLC.
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered"
07-08-2013 11:46 PM
I've tested it in two very different production VLANs having different DHCP servers. Any client connected to those VLANs, whether by Wifi or Ethernet, gets an IP address and can work normally. The Wifi client also works fine when L3 web policy is disabled. A client connected via AP successfully gets an IP address in any case. DNS resolution has been verified and the redirection to 1.1.1.1 also works. It's just the connection to 1.1.1.1 which fails, everything else up to this point appears to work.
BTW: Is there a way to test the availability of the authentication web server on the WLC, locally? I can ping 1.1.1.1 successfully, but this only verifies the interface, not the web server. Normally I'd try a telnet to 1.1.1.1:443, but did not find anything similar on the WLC.
07-10-2013 10:10 PM
Hello,
Here is a short cisco doc that will help you troubleshoot web authentication. Hope this helps:
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080a38c11.shtml
07-11-2013 02:51 AM
It's a bug in the 7.4 train, I had the same issue and cisco tac gave me the bug ID, sadly its on my PC.
It works with 7.3 and in 7.5 when it gets released.
Check open cavets in the release note.
It only affects the virtual controller. Not the physical ones
Sent from Cisco Technical Support iPad App
07-15-2013 12:24 AM
Thanks for this information!
07-11-2013 04:57 AM
Thanks for updating and posting what you found!
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide