08-25-2022 11:42 AM
Hello,
I'm trying to configure a configuration to allow the user of the WiFi network to access a captive portal, which has different forms of authentication.
The problem is that a user who has not yet logged in cannot access the external service to login (I understand that this is not a problem, but the expected behavior).
The captive portal works for the primary authentication method (RADIUS and LDAP), but it doesn't work for the external service.
To resolve this issue, I tried to do one of the procedures described in the documentation:
Allowed List of Specific URLs: https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/config-guide/b_wl_16_10_cg/whitelisting-of-specific-urls.html
I also tried a suggestion presented here in the community, which involves releasing, via ACL, the address of the other external captive portal, but it didn't work either. Here's the link and the example:
"""
ip access-list extended BYPASS_ACL2
deny ip any host 52.55.235.39
deny ip any host 34,235,248,212
exit
parameter-map type webauth global
webauth-bypass-intercept BYPASS_ACL2
"""
I noticed that there is a release option via DNS, but apparently it uses ISE, which we don't have here at the institution.
Could you please help me with any suggestions or tips?
08-26-2022 07:53 AM
I presume the commas in 34,235,248,212 are a typo?
Yes, that is the right approach. Your bypass ACL can have up to 9 lines (I've recently discovered) which get added at the beginning of the auto-created intercept ACL (numbered 1-9) for your specified captive portal IP (show ip access-list). Any extra lines will be ignored.
To check what ACLs are getting applied to the client, use "show wireless client mac <mac> detail" while the client is connected.
Also use packet captures to verify what's happening.
I currently have a TAC case open for the controller sending TCP resets instead of redirects to clients.
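A pre-deployment check for the two pitfalls raised in this thread (a malformed host address and more bypass entries than the controller will use), added here as an example and not taken from either post or from Cisco. The function name `lint_bypass_acl` is hypothetical, and the 9-entry limit is the figure reported in the reply above, not a documented value.

```python
import ipaddress
import re

MAX_BYPASS_ENTRIES = 9  # limit reported in the reply above (assumption, not from Cisco docs)

# Constructed sample: the configuration as posted in the question, commas included.
SAMPLE_CONFIG = """\
ip access-list extended BYPASS_ACL2
 deny ip any host 52.55.235.39
 deny ip any host 34,235,248,212
exit
parameter-map type webauth global
 webauth-bypass-intercept BYPASS_ACL2
"""

def lint_bypass_acl(config, limit=MAX_BYPASS_ENTRIES):
    """Return (line_number, message) findings for the ACL used as webauth bypass."""
    findings = []
    lines = config.splitlines()
    # Name of the ACL referenced by webauth-bypass-intercept, if any.
    ref = next((m.group(1) for l in lines
                if (m := re.match(r"\s*webauth-bypass-intercept\s+(\S+)", l))), None)
    if ref is None:
        return [(0, "no webauth-bypass-intercept statement found")]
    in_acl, entries = False, 0
    for no, line in enumerate(lines, 1):
        text = line.strip()
        if re.match(r"ip access-list extended\s+", text):
            in_acl = text.split()[-1] == ref
            continue
        if not in_acl:
            continue
        if not re.match(r"(\d+\s+)?(permit|deny)\s", text):
            in_acl = False  # any other command ends the ACL block
            continue
        entries += 1
        if entries > limit:
            findings.append((no, f"entry {entries} exceeds the {limit}-entry limit"))
        for m in re.finditer(r"\bhost\s+(\S+)", text):
            try:
                ipaddress.IPv4Address(m.group(1))
            except ValueError:
                findings.append((no, f"invalid host address {m.group(1)!r}"))
    return findings

if __name__ == "__main__":
    for no, msg in lint_bypass_acl(SAMPLE_CONFIG):
        print(f"line {no}: {msg}")
```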