
Webauth with Flexconnect APs and locally switching WLAN

krishanmistry
Level 1

Hi 

 

I have a customer who is running version 7.4 on a Cisco 5508 wireless LAN controller together with 1602 APs deployed across a number of sites. They have all the APs set up in Flex mode and are currently locally switching all their WLANs onto a local VLAN, which all works fine. They have recently requested to enable a guest WLAN with internal web authentication and allow the traffic to break out locally at the AP end with a separate ADSL internet connection.

With no authentication users are able to get access to the internet, and when web authentication is enabled users do not get redirected for authentication. However, when you manually enter the address of the virtual interface (1.1.1.1) you get presented with the webauth splash page. I have tried a couple of combinations with no real luck:

  • Centralised DHCP and local DHCP server from the firewall
  • Enabling and disabling NAT-PAT

Does anyone have this working and are there any particular config or software versions required?

 

Thanks in advance

2 Replies

David Watkins
Level 4

This should work perfectly fine on any 7.4 release your customer is running.  I have this configured in my lab right now and it is working fine, on both 7.4.121.0 and 7.6.120.0.  I'm pretty sure this works since 7.0 or possibly earlier.

The fact that you can "manually" redirect to the splash page indicates that the client is not able to perform a DNS query successfully.  Without DNS, the client will never attempt to form a TCP session to a remote web server, thus the WLC has nothing to intercept and redirect the client.

Try connecting the client, and while they're in the WebAuth_REQD state, have the client open the CMD prompt and perform an nslookup and try to resolve some public URLs.  If this doesn't work, which it probably won't based upon your description, to make your life easier, place a test client on the same "VLAN" as your guests should be getting, via a "WIRED" connection.  Work on resolving DNS resolution that way, to make it less convoluted.

Once the client is successfully resolving DNS on the same VLAN the guests will be using, then try your wireless client to see if they redirect.
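
The DNS-then-redirect check described in the reply above, written as a script a test client can run while in the WebAuth_REQD state. This is an added example, not part of the original posts: it assumes Python 3 on the client, uses example.com as a hypothetical plain-HTTP test host, and looks for the virtual interface address (1.1.1.1, from the question) in either a Location header or the returned page, since the thread does not say which form the redirect takes.

```python
import http.client
import re
import socket

VIRTUAL_IP = "1.1.1.1"     # virtual interface address quoted in the question
TEST_HOST = "example.com"  # assumption: any public name reachable over plain HTTP


def resolve(host):
    """Return the first IPv4 address for host, or None when DNS fails."""
    try:
        return socket.getaddrinfo(host, 80, socket.AF_INET)[0][4][0]
    except socket.gaierror:
        return None


def fetch(host, timeout=5):
    """GET / over plain HTTP, no redirect following; (status, Location, body) or None."""
    try:
        conn = http.client.HTTPConnection(host, 80, timeout=timeout)
        conn.request("GET", "/")
        resp = conn.getresponse()
        reply = (resp.status, resp.getheader("Location", ""),
                 resp.read(4096).decode("latin-1"))
        conn.close()
        return reply
    except (OSError, http.client.HTTPException):
        return None


def diagnose(host=TEST_HOST, resolve=resolve, fetch=fetch, virtual_ip=VIRTUAL_IP):
    """Report which stage of the DNS -> TCP -> intercept chain fails."""
    if resolve(host) is None:
        return "dns-failed"        # no TCP session is attempted, nothing to intercept
    reply = fetch(host)
    if reply is None:
        return "http-unreachable"  # DNS answers, but the HTTP request got no reply
    _status, location, body = reply
    # Match the virtual IP as a whole address, so 11.1.1.10 does not count.
    portal = re.compile(r"(?<![\d.])" + re.escape(virtual_ip) + r"(?!\d)")
    if portal.search(location) or portal.search(body):
        return "redirected-to-portal"
    return "no-intercept"          # reply did not reference the web-auth portal


if __name__ == "__main__":
    print(diagnose())
```

A result of `dns-failed` on the guest VLAN corresponds to the symptom in the question: the splash page is reachable by address, but no redirect is ever triggered.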

 

 

ReadersUK
Level 2

Hi

 

Did you get this resolved? I have the same issue.

 

regards
