guest vlan cannot get to webauthor

hanwucisco
Level 1

We are setting up an anchor WLC in the DMZ, and the DHCP is also in the DMZ. Guests can get an IP, but cannot get to the login page. When I type yahoo.com's IP address in the browser, I get the following:

any idea?

thanks,

Han

guest-wlc02/login.html?redirect=98.139.183.24

Accepted Solutions

Scott Fella
Hall of Fame

If you don't get the webauth page, your DNS isn't working. The WLC will hijack the user's default home page and will try to resolve the home page to verify that it is valid. If it's valid, you get the splash page. If it is not able to resolve the page, you will not see the webauth page.

Here are some good links

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00808ed026.shtml

http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a0080b1a506.shtml

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

When you get an IP, does it mean the EoIP tunnel works fine? Or not necessarily?

thanks,

Han

With webauth, if you get an IP address, and that DHCP scope is defined in the DMZ, then your tunnel is up, or it should be up. Not getting a webauth or splash page is a DNS issue or certificate issue if using a 3rd party certificate. You can CLI into your DMZ WLC and issue a show mobility status and you should be able to see if the mobility is up or not. You can also see this in the GUI if you wanted to.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott,

Are Webauth and Splash Redirect two different authorization methods? Where do you configure webauth? I found at our DMZ WLC, does it look alright?

thanks,

Webauth and splash page are the same. Here is a link that explains webauth and how to set it up.

https://supportforums.cisco.com/docs/DOC-13954

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Please take a look at the following from the link that you sent me, and please look at the top of the post.

From what I understand, DNS is not necessarily the issue, since I didn't type any URL and I don't see where it needs it.

Correct me if I am wrong.

thanks,

Han

"

Then you are supposed to type in a URL in your browser. The URL has to be valid!!! The client will resolve the URL through the DNS protocol. The client will then send his HTTP request to the IP address of the website. The WLC intercepts that request and returns the webauth login page, spoofing the website IP address. In case of external web authentication, the WLC replies with your website IP address an HTTP response saying the page has moved. And where did your web page move? To the external web server used by WLC of course. Once you're authenticated, you gain access to all network resources and are, by default, redirected to the URL you originally requested (unless you configured a forced redirect on the WLC).

"

The symptom that we have,

When I type yahoo.com's IP address in the browser, I get the following:

guest-wlc02/login.html?redirect=98.139.183.24

Okay... so the splash page is showing... what is 98.139.183.24? Do you have a redirect configured on the WLC?

Thanks,

Scott

-Scott
*** Please rate helpful posts ***

Is the VIP of the WLC 98.139.183.24? Do you have something configured in this field:

Thanks,


Scott

-Scott
*** Please rate helpful posts ***

Hey, Scott,

First, 98.139.183.24 is Yahoo's IP.

Second,

there is a web url configured

thanks,

Han

Scott,

does this make any sense to you?

thanks,

Ha

It does... Your home page is Yahoo and that is why you see what you are seeing. With the redirect, after a successful login, you will be redirected to what you have entered and not the home page.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Solved. It was a NATting issue on the FW. DNS is an outside one, and the NATting could not pass the traffic.

thanks,

Han

That will do it... One of the tests I usually do if there is an issue with webauth is to connect a wired PC to the guest VLAN in the DMZ and see if that device can or can't access the internet. Then you are able to rule out any wireless issue.

Thanks,

Scott

-Scott
*** Please rate helpful posts ***
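
A client-side check for the sequence discussed in this thread (resolve the site, send plain HTTP, get sent to the login page), added here as an example and not taken from any poster's reply or from Cisco's tooling. It also checks that the host named in the redirect resolves, since the URL shown in the thread points at the name guest-wlc02. The function names are hypothetical, and it assumes the controller redirects with an HTTP 3xx status and a Location header.

```python
import http.client
import socket
from urllib.parse import urlsplit


def can_resolve(host):
    """True if this client can turn host into an address (IP literals need no DNS)."""
    try:
        socket.getaddrinfo(host, 80)
        return True
    except OSError:
        return False


def http_probe(host):
    """Plain-HTTP GET / without following redirects: (status, Location header)."""
    conn = http.client.HTTPConnection(host, 80, timeout=5)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def diagnose(target, resolver=can_resolve, prober=http_probe):
    """Walk the webauth sequence for one target (name or IP); name the failing stage."""
    if not resolver(target):
        return "dns: client cannot resolve %s, so no HTTP request is sent" % target
    try:
        status, location = prober(target)
    except (OSError, http.client.HTTPException):
        return "http: no usable answer on port 80 from %s" % target
    # Assumption: the redirect is a 3xx with a Location header, not an HTML page.
    if status not in (301, 302, 303, 307) or not location:
        return "no-redirect: HTTP %d, client is not being sent to a login page" % status
    # A relative Location keeps the login page on the address already reached.
    login_host = urlsplit(location).hostname or target
    if not resolver(login_host):
        return "dns: redirected to %s, which the client cannot resolve" % login_host
    return "ok: login page %s is reachable by name" % location


if __name__ == "__main__":
    for t in ("example.com", "192.0.2.1"):  # constructed targets; run from the guest VLAN
        print(t, "->", diagnose(t))
```

Running it from a wired PC on the guest VLAN, as suggested in the last reply, separates a DNS or NAT path problem from a wireless one.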