cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1395
Views
0
Helpful
12
Replies

Guest Network

vishal.rane
Level 1
Level 1

Hello All

Guest Network was working earlier, recently it doesnt seems to work with no changes on WLC. From any smartdevice and Windows Machine we can connect the Guest SSID but authentication page doesnt popups.

WLC 4400
software version   7.0.235.0

Any suggestion

thanks

Vishal

1 Accepted Solution

Accepted Solutions

You don't need an in and out... since this is your guest interface, just use the in:

interface Vlan15

description Guest_Network

ip address 192.168.1.254 255.255.255.0

ip access-group GUEST_DENY in

ip access-group GUEST_DENY out <-- remove

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

View solution in original post

12 Replies 12

Scott Fella
Hall of Fame
Hall of Fame

Hate to say this, but did you try to reboot the WLC? Also on the 4400, you might want to look at v7.0.240.0.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hello Scott

Rebooting didnt help but on upgrading to V 7.0.240.0 the Guest VLAN started working.

URL redirection stopped working. URL redirection entry - www.gmail.com

Guest users can browse internet but email download and other web apps doesnt work, i.e whatsapp,skype,gtalk

on the core there is vlan and acl

10.10.100.1 - local dns server


interface Vlan15
description Guest_Network
ip address 192.168.1.254 255.255.255.0
ip access-group GUEST_DENY in
ip access-group GUEST_DENY out

ip access-list extended GUEST_DENY
permit ip 192.168.1.0 0.0.0.255 host 10.10.100.1
deny   ip 192.168.1.0 0.0.0.255 10.10.100.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 172.20.40.0 0.0.1.255
permit ip any any   

appreicate some feedback

thanks in advance

cheers

Vishal

I would look to see if your ACL's are the issue.... if you remove the ACL's, does it work?  The WLC will not block any of that, so it leads me to believe that something on your ACL's or FW has changed.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Scott removing the ACL  all works great.  what could be the issue on the ACL

In the ACL

Line 1 -  allowing guest vlan communication to local DNS server

Line 2 -  4 deny local network

Line 5 -  allow anything else

WLC====Catalyst6500====firewall=====Internet

I rechecked nothing changed on Firewall nor ACL on switch

cheers

Vishal

Well... ACL's have an implicit deny at the end. You need to make sure you are allowing everything that you want or else it will be denied. Log your ACL's and see which one is causing the issue.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Hello Scott

my ACL >> permit ip any any in the end.

ip access-list extended GUEST_DENY

permit ip 192.168.1.0 0.0.0.255 host 10.10.100.1

deny   ip 192.168.1.0 0.0.0.255 10.10.100.0 0.0.0.255

deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

deny   ip 192.168.1.0 0.0.0.255 172.20.40.0 0.0.1.255

permit ip any any 

I am trying to understand how others manage/configure  guest ACL and for URL redirection which interface in WLC needs to have Internet Access assuming the url redirection is www.yahoo.com

thanks again

Vishal

You don't need an in and out... since this is your guest interface, just use the in:

interface Vlan15

description Guest_Network

ip address 192.168.1.254 255.255.255.0

ip access-group GUEST_DENY in

ip access-group GUEST_DENY out <-- remove

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***

Scott ACL works now

One last info required - URL redirection not working. Redirection URL www.yahoo.com

Multiple interface are there on WLC which one to allow for internet access to send the redirection traffic to internet

Redirection before the user authenticated or after? If you have web policy enabled, any http site will be redirected to the splash page. If the users home page is https, it will fail. You can always redirect the user to a URL after they authenticate either globally on the WebAuth section or on the WLAN security tab you can override and enter it there.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott

Redirection after user authentication.

Security>Web Auth > redirection URL

URL redirection www.yahoo.com

Tested above and it doesnt work

So after the user authenticates, can you just type the URL for Google, Yahoo or CNN and can they access these sites? Is internet working after they authenticate?

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

blenka
Level 3
Level 3
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: