
WebAuth redirect DNS Host not resolving

Pete Bauer
Level 1

Hello,

I'm trying to get my WebAuth redirect for guests to resolve a hostname, not an IP address. If I delete the hostname information it redirects fine to the IP address (but has a cert error). I'd like to have it redirect to a hostname so it will match the CN of the cert I've loaded on the controller. We're using OpenDNS for the public DNS so I cannot put an A Record on there associating 192.168.254.1 to washcoguest.co.washington.mn.us.

Right now when I connect to the SSID, it tries to direct me but cannot resolve the hostname and I get a page cannot be displayed.

Any help would be great.

PeteCapture.JPG

Accepted Solutions

Scott Fella
Hall of Fame

I have been in that situation. So what I have done is take a public IP address and use that for the VIP and had the ISP enter a DNS record to resolve the FQDN to that public IP address. As long as the domain name used to generate the certificate is a registered domain name and you own it, the ISP should have no issues adding it.

-Scott

5 Replies

Stephen Rodriguez
Cisco Employee

For that to work you need to create the A record. Do you have a DNS server that you have administrative control over that you could point to?

Steve

HTH,
Steve

Amjad Abdullah
VIP Alumni

Pete: without the record it does not work.

The client machine should be able to do the DNS resolution otherwise it does not work.

On one machine you can add a static entry in the hosts file but it is not efficient to do this with a large number of clients.

HTH

Amjad


We're using OpenDNS Enterprise so I cannot add an A Record to that. I can get an A Record added with our ISP, however it will have to correlate to one of our external addresses.

Would it work if I NAT the virtual IP to an external IP and have our ISP put an A Record pointing to the external address?

Pete,

You can host that A record inside, but that would mean your guests need to have access to your inside DNS. Not ideal, but some people do that ...

Correct, you can host it with your ISP and it would need to match your domain. Which means you need a new cert.

For this very reason, I own "guestnetwork.org" and I host and provide certificates to get around all the confusion customers have. I can host XXXXXX.guestnetwork.org and it's published in a few minutes and ready to go.

As for your NAT question. The Virtual IP should not be routable, which in your question it's not, but I just want to mention it. The client will need to resolve the name to the virtual IP. Adding all these extra steps only adds confusion.

I might suggest, redo the cert, publish it with your ISP.

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________
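
As an added example, not part of any post in this thread: a small pre-deployment check of the three conditions the replies describe (the guests' resolver has an A record for the redirect host, that record points at the virtual IP, and the name is covered by the certificate). The function names and the resolver data are assumptions constructed for illustration; the hostname and virtual IP are the ones from the question.

```python
import ipaddress

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(pattern, host):
    """Exact match, or '*' standing for the whole left-most label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_webauth_redirect(redirect_host, virtual_ip, guest_dns, cert_names):
    """Return the problems a guest client would hit; [] means none found."""
    problems = []
    if is_ip(redirect_host):
        # A bare IP needs no DNS, but only matches a cert that lists that IP.
        covered = redirect_host in cert_names
    else:
        answers = guest_dns.get(redirect_host.lower().rstrip("."), [])
        vip = ipaddress.ip_address(virtual_ip)
        if not answers:
            problems.append("guest resolver has no A record for the redirect host")
        elif vip not in {ipaddress.ip_address(a) for a in answers}:
            problems.append("A record does not point at the virtual IP")
        covered = any(name_matches(n, redirect_host) for n in cert_names)
    if not covered:
        problems.append("redirect host is not covered by the certificate names")
    return problems

# Constructed sample data using the hostname and virtual IP from the thread.
HOST, VIP = "washcoguest.co.washington.mn.us", "192.168.254.1"
CERT = [HOST]                  # names on the certificate (constructed)
NO_RECORD = {}                 # guests' public resolver has no record yet
WITH_RECORD = {HOST: [VIP]}    # after an A record for the VIP is published

if __name__ == "__main__":
    for label, host, dns in [("hostname, no record", HOST, NO_RECORD),
                             ("bare IP", VIP, NO_RECORD),
                             ("hostname, record added", HOST, WITH_RECORD)]:
        print(label, "->", check_webauth_redirect(host, VIP, dns, CERT) or "ok")
```

The resolver data here is a dictionary standing in for what the guest VLAN's DNS server actually returns; in practice those answers would be collected from a client on the guest SSID.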
