07-31-2014 03:09 PM - edited 07-05-2021 01:18 AM
Hello,
I have an issue with my guest access, when they access the ssid from the wifi, they try to go to www.google.com and the login portal (1.1.1.1) is not showing.
If I put manually 1.1.1.1 some times the web page will open and some times it will not open.
Any ideas?
Thanks.
07-31-2014 11:16 PM
HI,
If it connects to IP but will not resolve a name means its definitely a DNS problem.
Check the cleints are getting DNS server details that its pingable and that the WLC/firewall etc are passing DNS traffic etc..
Regards
08-01-2014 09:16 AM
Hi all,
The version I have is 7.4.12.0 and the issue is that sometime the 1.1.1.1 will work manually and sometimes it will not even open.
Thanks.
08-01-2014 12:14 AM
Hi,
using the web gui, check into "Controller > Interfaces > virtual" if "DNS Host Name" is filled or not. If it is, then the guest clients will have to be able to resolve that name with 1.1.1.1 (usually with an A record in the provided DNS).
In the WLAN configuration, are you using a "Preauthentication ACL"? If so, please put 1.1.1.1 as allowed.
Have you tried with different browsers? The page at 1.1.1.1 is an https resource, with a self signed certificate that some browsers could not love so much :)
Best regards,
Matteo
08-01-2014 02:51 AM
On WLC versions earlier than 3.2.150.10, you must manually enter https://1.1.1.1/login.html in order to navigate to the web authentication window.
The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.
Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a “nslookup www.cisco.com"; and see if the IP address comes back.
On Macs/Linux: open a terminal window and do a “nslookup www.cisco.com"; and see if the IP address comes back.
If you believe the client is not getting DNS resolution, you can either:
Enter either the IP address of the URL (for example, http://www.cisco.com is http://198.133.219.25)
Try to directly reach the controller's webauth page with https://<Virtual_interface_IP_Address>/login.html. Typically this is http://1.1.1.1/login.html.
Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.
08-05-2014 06:08 PM
Try changing method list for CWA to dot1x/group
Enable Fast SSID Change
On the Wlan Advanced tab: disable client timeout, client exclusion, MFP, Aironet IE
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide