Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1012
Views
30
Helpful
5
Replies

virtual c9800 with dnaspace captive portal loading page delay

jaheshkhan
Level 4
Level 4

‎03-06-2022 01:53 AM

we have successfully integrated virtual c9800 WLC with dnaspace. captive portal page is openining but with great delay of 30 sec. sometimes it throws error and then we can see top left of browser circling retrying the page and then opens.

Facing this problem in windows machines (10 and 11)

This is how the process.

1. we click the guest SSID

2. it will show connecting and laptop get required DHCP IP address

3. default browser pop ups and we can see http://www.msftconnecttest.com/redirect in address bar of browser

4. it will change from http to https https://www.msftconnecttest.com/redirect

5. then it starts trying to load web page. From here loading shows delays.  it may sometimes shows in address bar as follows:
https://splash.dnaspaces.io/p2/companyname?switch_url=https://virtualip.company.com/login.html&ap_mac=1c:d1:e0:06:43:00&client_mac=3b:5c:71:71:dc:96&wlan=SSID-GUEST&redirect=http://www.msftconnecttest.com/redirect
6. it stays there for longer than expected. sometimes it throws error showing network change error. but browser keeps trying nd loads the page.

 

under web auth, we have used public signed CA certificate and domain name specified there.  Only captive portal page setup has done. no radius server kind of set up for dnaspace. ie users will not authenticated with dnaspace. instead sms gateway configured in dnaspace.

 

url filtering is used for this splash.dnaspaces.io .

 

What could be the reason delayed page loading ? we are stuck at this stage. sometimes when it throws error and stays there long time 30 or more seconds users thinks its not working and closes the page and retries it. this makes big issue with our client.

 

 

 

5 Replies 5

Flavio Miranda
VIP
VIP

‎03-06-2022 07:19 AM

Hi

 This Microsoft page is your client validating internet access propably. This kind of delay can be dns taken longer to resolve or can be basic connectivity problem.

What I suggest is:

- First, try different devices and differents browsers. This will not solve  you problem but will give some direction.

-Once client gets IP address run some nslookup command to see dns resolution.

- Use some service to mesure how fast the dnacspace page open with a client already on the internet.

jaheshkhan
Level 4
Level 4
In response to Flavio Miranda

‎03-07-2022 02:13 AM

@Flavio Miranda 

I have tried different browser and machines. All give the same result. Domain added laptop were taking more delay than non domain laptops. 
if we run wireshark in the client laptop, most of the time it will load within 5 to 6 sec which is very strange. Because of this, we are unable to trace the issue at all. Luckily one time the issue got reproduced when I ran wireshark. I can see retransmission packets in it.
we already have tickets with cisco TAC. but they couldnt identify issue yet.. according to them, WLC sending the url https://splash.dnaspaces.io/p2/companyname?switch_url=https://virtualip.company.com/login.html&ap_mac=1c:d1:e0:06:43:00&client_mac=3b:5c:71:71:dc:96&wlan=SSID-GUEST&redirect=http://www.msftconnecttest.com/redirect within 2 secs.

 

After loading it on client PC it showing the delay.

 

we checked dns resolution . we cannot find any delay.  they have internal dns server only for  the guest SSID.

 

They have existing wifi 5 setup with clearpass. it has no issue. clearpass is deployed internally not in public.

 

once client got internet, we tested dnaspace url. its working without any delay.  only during the initial connectivity while redirecting from http://www.msftconnecttest.com its taking all kind of delay.

 

is there any other way to use service to measure how fast dnaspace opens page?
 

 

ammahend
VIP
VIP

‎03-06-2022 11:34 AM - edited ‎03-06-2022 11:35 AM

Is the error you mentioned 503 error ?

follow the Troubleshoot section of this document and share tHe logs 

 

https://www.cisco.com/c/en/us/support/docs/wireless/dna-spaces/215423-dna-spaces-captive-portal-with-9800-cont.html#anc37

-hope this helps-

jaheshkhan
Level 4
Level 4
In response to ammahend

‎03-07-2022 02:18 AM

kindly note virtual interface has 192.0.2.1 ip address and it has publicly signed CA cerificate with domain name. there is no 503 error throwing for this .

 

the error page it gets is without any error code. some thing mentioned "network changed" on the browser page then it retries and get connected. here it says another 10 or 15 seconds long or sometimes even longer time.

 

 

Arshad Safrulla
VIP Alumni
VIP Alumni

‎03-06-2022 11:39 AM

How your WLC is integrated with DNA Spaces? What's the Internet throughput available at the site? What is the latency?

Even though with a slower throughput, I do not see why the page has to take 30 secs to load. I have a Meraki setup and I do not see much delay in Captive portal compared to the one which were using (ISE) before the migration.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card