Controller is vWLC 7.4, AP is 2600. Browser gets successfully redirected to 184.108.40.206, so DNS appears to work. However 220.127.116.11 does not respond. Wireshark in the client shows SYN frames but no response. I tried various debugs but nothing is shown on the WLC when the client attempts to reach the login page. 18.104.22.168 is not used in the local network and ends up at the default route. WLAN operates in central mode.
The browser works when web auth is disabled, but when enabled in either "authentication" or "passthrough" mode any attempt gets redirected to 22.214.171.124 and times out at that point. Telnet to 126.96.36.199:443 also failed.
Same on two different clients using different OS versions.
Do you use a local or an external page?
If local, do you use the default or a customized page?
Rating useful replies is more useful than saying "Thank you"
Connect a laptop to the VLAN you are testing webauth or passthrough on. If that machine can get an IP address and browse the internet, then everything on the wired side is fine and you need to look at maybe the configuration on the WLC.
Help out others by using the rating system and marking answered questions as "Answered"
I've tested it in two very different production VLANs having different DHCP servers. Any client connected to those VLANs, whether by Wifi or Ethernet, gets an IP address and can work normally. The Wifi client also works fine when L3 web policy is disabled. A client connected via AP successfully gets an IP address in any case. DNS resolution has been verified and the redirection to 188.8.131.52 also works. It's just the connection to 184.108.40.206 which fails, everything else up to this point appears to work.
BTW: Is there a way to test the availability of the authentication web server on the WLC, locally? I can ping 220.127.116.11 successfully, but this only verifies the interface, not the web server. Normally I'd try a telnet to 18.104.22.168:443, but did not find anything similar on the WLC.
Here is a short Cisco doc that will help you troubleshoot web authentication. Hope this helps:
It's a bug in the 7.4 train. I had the same issue and Cisco TAC gave me the bug ID; sadly it's on my PC.
It works with 7.3 and in 7.5 when it gets released.
Check the open caveats in the release notes.
It only affects the virtual controller, not the physical ones.