Hello Scott

Rebooting didnt help but on upgrading to V 7.0.240.0 the Guest VLAN started working.

URL redirection stopped working. URL redirection entry - www.gmail.com

Guest users can browse internet but email download and other web apps doesnt work, i.e whatsapp,skype,gtalk

on the core there is vlan and acl

10.10.100.1 - local dns server

interface Vlan15
description Guest_Network
ip address 192.168.1.254 255.255.255.0
ip access-group GUEST_DENY in
ip access-group GUEST_DENY out

ip access-list extended GUEST_DENY
permit ip 192.168.1.0 0.0.0.255 host 10.10.100.1
deny   ip 192.168.1.0 0.0.0.255 10.10.100.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
deny   ip 192.168.1.0 0.0.0.255 172.20.40.0 0.0.1.255
permit ip any any   

appreicate some feedback

thanks in advance

cheers

Vishal

I would look to see if your ACL's are the issue.... if you remove the ACL's, does it work?  The WLC will not block any of that, so it leads me to believe that something on your ACL's or FW has changed.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

Scott removing the ACL  all works great.  what could be the issue on the ACL

In the ACL

Line 1 -  allowing guest vlan communication to local DNS server

Line 2 -  4 deny local network

Line 5 -  allow anything else

WLC====Catalyst6500====firewall=====Internet

I rechecked nothing changed on Firewall nor ACL on switch

cheers

Vishal

Well... ACL's have an implicit deny at the end. You need to make sure you are allowing everything that you want or else it will be denied. Log your ACL's and see which one is causing the issue.

Sent from Cisco Technical Support iPhone App

Hello Scott

my ACL >> permit ip any any in the end.

ip access-list extended GUEST_DENY

permit ip 192.168.1.0 0.0.0.255 host 10.10.100.1

deny   ip 192.168.1.0 0.0.0.255 10.10.100.0 0.0.0.255

deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255

deny   ip 192.168.1.0 0.0.0.255 172.20.40.0 0.0.1.255

permit ip any any 

I am trying to understand how others manage/configure  guest ACL and for URL redirection which interface in WLC needs to have Internet Access assuming the url redirection is www.yahoo.com

thanks again

Vishal

Scott ACL works now

One last info required - URL redirection not working. Redirection URL www.yahoo.com

Multiple interface are there on WLC which one to allow for internet access to send the redirection traffic to internet

Redirection before the user authenticated or after? If you have web policy enabled, any http site will be redirected to the splash page. If the users home page is https, it will fail. You can always redirect the user to a URL after they authenticate either globally on the WebAuth section or on the WLAN security tab you can override and enter it there.

Sent from Cisco Technical Support iPhone App

Scott

Redirection after user authentication.

Security>Web Auth > redirection URL

URL redirection www.yahoo.com

Tested above and it doesnt work

So after the user authenticates, can you just type the URL for Google, Yahoo or CNN and can they access these sites? Is internet working after they authenticate?

Sent from Cisco Technical Support iPhone App