08-21-2024 07:12 PM - edited 08-21-2024 07:13 PM
Hi, I have set up a push portal with email verification. Once clients are connected to the SSID, they are required to key in their email addresses and will receive a temporary verification code via email. A pre-auth ACL has been configured on the WLC to permit ports 25, 587 and 465; however, the client is still unable to receive email. I would like to know if I missed any config.
08-21-2024 11:09 PM
- What is the WLC model and software version being used? What is the purpose (intent) of specifying those port numbers?
M.
08-21-2024 11:55 PM
It's a WLC 5520 with software version 8.10.162.0. Those port numbers are for SMTP. We configured an external push portal with email verification.
The client will be redirected to the captive portal (landing page) automatically upon connecting. The landing page displays a form where the user enters their email address and submits it. The server processes the email address and sends a verification email containing a code.
In order for the client to receive the verification email before being completely authenticated, we have to configure a pre-auth ACL to allow email traffic.
08-22-2024 12:03 AM
- I would advise that you try with an 'all-open' ACL first (for testing), the problem being that modern e-mail applications (apps), both sending and receiving, may not always use the traditional 'old style' ports.
If that works, then you can try to capture traffic and check which ports are being used.
+ As per https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
The 5520 should use 8.10.196.0, especially if nothing helps. The AireOS-based models must these days use the last release available, because they are being phased out in favor of the 9800 controllers.
M.
08-22-2024 12:39 AM
Thank you for the suggestion, will try that.
08-21-2024 11:34 PM
Pre-auth also needs to allow DHCP, DNS and HTTP/HTTPS.
Add these ports and check.
MHM
08-21-2024 11:58 PM
We have allowed both DHCP and DNS. If we are to allow HTTP/HTTPS also, doesn't that mean the client will be able to do web browsing even without complete authentication?
08-22-2024 12:24 AM
Allow http/https to and from mgmt wlc IP not from ANY
MHM
08-22-2024 12:44 AM
We have allowed HTTP/HTTPS to the external portal IP, and managed to get the landing page prompted. The WiFi client is able to obtain an IP and submit their email address on the portal but is unable to receive the verification code via email. The client switched to mobile data and the verification email came in. Just wondering why we need to allow HTTP/HTTPS to the WLC IP since the email is received through the internet.
08-22-2024 01:46 AM
OK, no need to allow HTTP/HTTPS to the mgmt IP of the WLC if you use an external portal.
Now you allow DNS, DHCP, HTTP/HTTPS and the mail server.
Can I see the last ACL you use?
MHM
09-01-2024 11:17 AM
I think this approach is bound to fail. SMTP is normally only used for sending email.
Most email clients will use POP or IMAP for retrieving email and that can be on a variety of different ports:
https://support.host100.co.uk/en/knowledgebase/article/email-protocols-%E2%80%93-pop3-smtp-and-imap-tutorial
By default, the POP3 protocol works on two ports:
Port 110 - this is the default POP3 non-encrypted port
Port 995 - this is the port you need to use if you want to connect using POP3 securely
By default, the IMAP protocol works on two ports:
Port 143 - this is the default IMAP non-encrypted port
Port 993 - this is the port you need to use if you want to connect using IMAP securely
Some mail services may use non-default ports.
However, these days many clients use a web browser (HTTPS) to access their email.
The more complicated you make it to use your service the less clients will use it. The drop off rate for this type of solution is very high. People will just switch to mobile data rather than use WiFi which is complicated and difficult.
As per https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKEWN-2014.pdf
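
Added example, not part of any post in this thread and not Cisco configuration: a simplified Python model of a permit-only pre-auth ACL with an implicit deny, checked against the ways a client might fetch the verification email (the POP3/IMAP ports listed above, or webmail over HTTPS). The portal address, mail server addresses and flow list are constructed assumptions.

```python
# Simplified model: a pre-auth ACL as a list of permit rules with an implicit
# deny for anything unmatched. All addresses and flows below are constructed.
from ipaddress import ip_address, ip_network

PORTAL = "192.0.2.10/32"  # hypothetical external portal address

# (protocol, destination network, permitted destination ports)
PREAUTH_ACL = [
    ("udp", "0.0.0.0/0", {53, 67}),        # DNS and DHCP
    ("tcp", PORTAL, {80, 443}),            # HTTP/HTTPS to the portal only
    ("tcp", "0.0.0.0/0", {25, 465, 587}),  # SMTP ports from the first post
]

# (description, protocol, destination IP, destination port) - constructed
FLOWS = [
    ("portal page", "tcp", "192.0.2.10", 443),
    ("SMTP submission", "tcp", "198.51.100.25", 587),
    ("POP3", "tcp", "198.51.100.25", 110),
    ("POP3 over TLS", "tcp", "198.51.100.25", 995),
    ("IMAP", "tcp", "198.51.100.25", 143),
    ("IMAP over TLS", "tcp", "198.51.100.25", 993),
    ("webmail over HTTPS", "tcp", "203.0.113.80", 443),
]

def permitted(proto, dst, port, acl=PREAUTH_ACL):
    """True if a permit rule matches; otherwise the implicit deny applies."""
    for rule_proto, net, ports in acl:
        if (rule_proto == proto and port in ports
                and ip_address(dst) in ip_network(net)):
            return True
    return False

def blocked_flows(flows=FLOWS, acl=PREAUTH_ACL):
    """Descriptions of the flows the ACL drops, in input order."""
    return [name for name, proto, dst, port in flows
            if not permitted(proto, dst, port, acl)]

if __name__ == "__main__":
    for name, proto, dst, port in FLOWS:
        verdict = "permit" if permitted(proto, dst, port) else "deny"
        print(f"{verdict:6} {proto}/{port:<4} {dst:15} {name}")
```

Replacing `FLOWS` with the destinations and ports seen in a capture taken under a temporary all-open ACL shows which of them the production pre-auth ACL would drop.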