08-12-2013 12:37 PM - edited 07-04-2021 12:38 AM
Is it possible to provide locally switched guest wireless access in flexconnect mode with Web-Auth? All of the documentaion examples I can find show guest webauth with central switching.
I want a remote office, connected via DMPVN, to provide guest wireless from a flexconnect access point using local switching so it will go out the local Internet connection. The local switching works great for the Internal wireless that do central auth via EAP-FAST. The problem seems to arrise when I try to configure it for Web-Auth.
If I configure the local client DHCP scope to provide an external DNS it will not reach the Web-Auth page.
If I configure the local client DHCP scope to provide an internal DNS it will reach the Web-Auth page, but it will not go anywhere after that.
Is there something I am missing?
08-12-2013 12:39 PM
I forgot to add that the controller is an AIR-CT2504-K9 running version 7.4.100.0
The access point is internal to the DMVPN router model CISCO891W-AGN-N-K9
08-14-2013 12:30 PM
Hello,
As per your query i can suggest you the following link-
http://www.cisco.com/en/US/docs/wireless/controller/7.2/configuration/guide/cg_flexconnect.html
Hope this will help you.
08-14-2013 02:56 PM
Here is a simple link. And yes it will work
http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b3690b.shtml
Services
This table lists the legacy and new services supported with WLC version 7.0.116.0 with FlexConnect.
WAN Up (Central Switching) WAN Up (Local switching) WAN Down (Standalone)
Internal Webauth Yes Yes N/A
External Webauth Yes (7.2.110.0) Yes (7.2.110.0) N/A
Sent from Cisco Technical Support iPhone App
11-03-2014 09:42 PM
Dear Scott,
Thank you for your comment. I checked the link you shared, however I also checked one more link where it is mentioned -Note Guest user configuration is not supported with FlexConnect local switching.
Does this mean that guest web auth is not possible in flexconnect?
Actually, I looking that my guest users should authentication via webauth(as I want to control user with time based access) and once authentication the browsing should happen locally for internet access. Can you please suggest if this is possible, as I tried searching many documents for this.
Thank You,
09-05-2013 12:03 AM
I am having the same issue have you been able to resolve this? Neither of the links above explain how to properly configure this setup.
11-24-2013 12:35 PM
I have the same issue, clients cant connect to wi-fi with web auth passthrough (flexconnect local switching) when ap dissassociated from controller, TAC says that now thay cant do nothing.
12-28-2013 04:00 AM
#Webauth on local switching behavior is bit complicated but it works.
#It uses the DNS ip received from central-dhcp or local/remote dhcp server at the site for that client based on the config.
#the DNS response is snooped by AP(if remote/local dhcp is used or WLC for central-dhcp) and forwards it to WLC via capwap to display the internal page, if configured to use internal webauth page.
Try this:
#Set WLC to do http redirection, disable https redirection which is default.
#set AP to flexconnect, wlan to locally switched and enable webauth. Connect the wireless client, do nslookup, check what dns it is trying to use, it should use the one from the configured DHCP scope, if not statically configured on client.
#if nslookup doesn't works then try http://
#if redirection doesn't happen irrespective of auto/manual then enable tcp mss.
#Enable TCP-mss for APs, default is 1363. keep reducing until redirection works.
If stil doesn't work Open TAC case for further troubleshooting.
05-10-2014 08:25 PM
Can you please email the steps to me lovettd1@yahoo.com Thanks
09-11-2014 06:50 AM
I hope this help for future references:
www.cisco.com/c/en/us/support/docs/wireless/flex-7500-series-wireless-controllers/113605-ewa-flex-guide-00.html
01-24-2020 12:09 PM
Locally switched guest and central web authentication works. Make sure the "Local Net Users" are set up for the right WLAN, or chose "Any WLAN".
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: