WLC 5508 with IPAD IPOD IPHONE and Landing page not appear

Patrick Werner · ‎03-06-2013

Hi Community.

We have a centralized WLC with some branch office with AP's in Flexconnect Mode. The Wlans are configured to use Web Authentication (Landing Page). The Landing Page is Cisco Default.

We're experiencing some problem with Apple Devices, on some the Landing Page apperars on some not. The WLC Software is about 1 year old.

On a XP machine the landing page doesn't appear too, but you can type in the address manually and it works.

Whats the best sollution to include the Apple Devices successfully in the WLC Wireless World.

Hope you can help, Patrick

Scott Fella · ‎03-06-2013

Well what address are you using to see the WebAuth page, your virtual? Usually the issue with a WebAuth page not showing up is DNS issue or the user trying to access an https site as their home page.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Patrick Werner · ‎03-06-2013

The Branchoffices has a Router with DHCP for the Wireless devices who connects to the Internet, we have created a Vlan with a dedicated DHCP range.

Here is the Router config:

ip dhcp pool BlueMonkeyGast
network 172.16.80.0 255.255.254.0
default-router 172.16.80.1
dns-server 8.8.8.8
!
ip dhcp pool BlueMonkeyEvent
network 172.17.80.0 255.255.254.0
default-router 172.17.80.1
dns-server 8.8.8.8

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.1

encapsulation dot1Q 1 native

ip address 192.168.80.9 255.255.255.0

ip nat outside

ip virtual-reassembly in

!

interface GigabitEthernet0/0.2

encapsulation dot1Q 180

ip address 172.16.80.1 255.255.254.0

ip access-group BlueMonkey in

ip nat inside

ip virtual-reassembly in

!

interface GigabitEthernet0/0.3

encapsulation dot1Q 181

ip address 172.17.80.1 255.255.254.0

ip access-group BlueMonkey in

ip nat inside

ip virtual-reassembly in

interface GigabitEthernet0/1

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

ip nat inside source list ACL_NAT interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 192.168.0.1

ip route 192.168.10.0 255.255.255.0 192.168.80.1

!

ip access-list extended ACL_NAT

permit ip 172.16.0.0 0.15.255.255 any

ip access-list extended BlueMonkey

permit udp any any eq bootps

permit udp any any eq bootpc

deny ip any 172.16.0.0 0.15.255.255

deny ip any 192.168.0.0 0.0.255.255

deny ip any 10.0.0.0 0.255.255.255

permit ip 172.16.80.0 0.0.0.254 any

permit ip 172.17.80.0 0.0.0.254 any

Patrick Werner · ‎03-06-2013

Address is 1.1.1.1

Scott Fella · ‎03-06-2013

Have you verified that DNS is working? I know your using a public address, but no splash page is a DNS issue as long as the client gets an IP.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎03-06-2013

To test if the landing page works and eliminating the WLC side is to open a browser to the VIP address. So if you get the landing page using the VIP, then it's most likely a network issue or DNS. Verify connectivity using a laptop connected to the guest vlan and verify the laptop gets an IP and can access the Internet.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

wjenkins · ‎03-06-2013

Just to add to what Scott stated. If you have specified a DNS name on the Virtual Interface then the DNS server must resolve that name to the virtual interface IP address of 1.1.1.1. The DHCP scopes are using the public DNS server 8.8.8.8 (Google) which will not work.

Bill Jenkins

Sent from Cisco Technical Support iPad App

Patrick Werner · ‎03-07-2013

Guys, i see every second IP adress has a Internet connection. Every even IP Number, the odd IP Number havent a Internet Connection

I do a NAT betwenn 192.168.0.14 255.255.255.0 and 172.17.20.1 255.255.254.0

This is my NAT Rule

ip nat inside source list ACL_NAT interface GigabitEthernet0/1 overload

ip access-list extended ACL_NAT

permit ip 172.16.0.0 0.15.255.255 any

Here the NAT Translations:

tcp 192.168.0.14:51174    172.17.20.2:51174     4.28.11.50:443        4.28.11.50:443
tcp 192.168.0.14:53590    172.17.20.4:53590     17.149.36.177:443     17.149.36.177:443
tcp 192.168.0.14:50095    172.17.20.6:50095     17.172.232.70:443     17.172.232.70:443

tcp 192.168.0.14:49391 172.17.20.8:49391 17.172.232.114:443 17.172.232.114:443

udp 192.168.0.14:55348 172.17.20.8:55348 8.8.8.8:53 8.8.8.8:53
tcp 192.168.0.14:52477 172.17.20.10:52477 157.56.254.54:443 157.56.254.54:443

tcp 192.168.0.14:34352 172.17.20.12:34352 212.227.17.186:993 212.227.17.186:993
tcp 192.168.0.14:56589 172.17.20.20:56589 17.158.10.36:443 17.158.10.36:443

maldehne · ‎03-07-2013

the web auth certificate installed on your controller is it locally generated or third party

what is the CN?

If it is CN doesn't equal 1.1.1.1 i would go with

wjenkins

Patrick Werner · ‎03-08-2013

The problem was in the ACL. If the wireless client hasn't a connection to the internet, the landing page doesn't appear.

Thanks guys