Re: Looking to setup wifi customer survey redirect

DCatBSCH · ‎07-01-2024

Hello all,

My current environment consists of a WLC 5520 with mostly if not all 9120AXI ap's on prem. Our current setup for guest wifi does not use ISE authentication it simply allows the end user on the network via captive portal.

VIP is requesting to have me setup wifi captive portal redirect which directs the guests to a customer survey. I was able to re-create a similar guest WLAN in order to test the setup but even after copying the configuration it seems that the SSID can broadcast but is unable to get out to the internet.

Does anybody have instructions on setting up this network? Thank you in advance for any help.

marce1000 · ‎07-01-2024

- I don't have an immediate direct reply , but if there are configuration changes or additions on the controller
then validate the controller configuration again using : WirelessAnalyzer input (procedure) for AireOs controllers
and then feed the output from that into Wireless Config Analyzer

For the older aireos based controller such as the 5520 it becomes kind of mandatory to use the last release available :
https://software.cisco.com/download/home/286284738/type/280926587/release/8.10.196.0

For irregular client behavior use client debugging according to : https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/213258-collect-debugs-from-wireless-lan-control.html
Note that client debugs can be processed and analyzed with : Wireless Debug Analyzer

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Rich R · ‎07-02-2024

Without knowing anything about how your config looks it's hard to say.

Compare the WLAN configs side by side and look for any differences (other than those which are intended)

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

DCatBSCH · ‎07-02-2024

So as or right now we have a WLC (5508) that lives inside of our DMZ and a wlc that hangs off of the core. According to our documentation (I'm still new here) the DMZ WLC is purposes specifically for hosting the guest WLAN and the 5520 is for the 9120 AP's/regular day to day SSID's. I don't see any AP's associated with the 5508 so I'm trying to understand how the WLAN is being broadcasted since both of the WLC's have the SSID's.

I've copied the configuration identically to the current running configuration but I'm still unable to receive an ip on my device. Is it possible that I have to configure the WLAN on the 5508 rather than the 5520?

jagan.chowdam · ‎07-02-2024

This solution is called Guest Anchor Mobility.

Refer the following documents for good understanding of how the solution works.

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-10/config-guide/b_cg810/configuring_auto_anchor_mobility.html

https://mrncciew.com/2013/03/22/auto-anchor-mobility/

Jagan Chowdam

/**Pls rate useful responses**/

Rich R · ‎07-03-2024

And make sure the software on both WLCs is up to date as per the TAC recommended link below.

Currently that is 8.10.196.0 for the 5520 and 8.5.182.12 for the 5508.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's and TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's, Best Practices for 9800 WLC's and Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs

DCatBSCH · ‎07-03-2024

Jagan, I was able to get the WLAN up and running based on your suggestions on anchoring thank you! Would you happen to know what the proper steps are to setting up the customer survey re-direct splash page would be? I'm referring to the documentation and it mentions providing a pre-authorization acl but not sure what ip I should be permitting..

jagan.chowdam · ‎07-05-2024

Cisco WLC does not store user responses for splash login. An external server is required if this is a necessity. In your original post, you mentioned you have ISE. Are you planning to use ISE for the Guest Portal (CWA)?

The following are the Guest Portal techniques available on Cisco Controllers:

LWA - Local Web Authentication
CWA - Central Web Authentication

If you have access to Cisco Live On-Demand videos, there is an excellent session titled "Be My Guest! Design and Deploy Wireless Guest Access That Works" which explains these options in detail. You can search for "BRKEWN-2014" at Cisco Live On-Demand Library.

For Cisco WLC ACLs, refer to this blog post by Rasika, which provides a clear explanation: WLC Access Control List (ACL).

Note that Pre-auth ACL changes based on the option you choose (CWA or LWA).

Jagan Chowdam

/**Pls rate useful responses**/

DCatBSCH · ‎07-10-2024

Hey Jagan, for the guest wireless we are using the passthrough option. I tested the page with a re-direct in the override global config along with a pre-auth acl for permitting any any traffic but Im not able to hit the redirect for some reason. Not really sure what else I am missing at this point.