Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
690
Views
0
Helpful
3
Replies

WLC Portal Authentication

Barry Landon
Level 1
Level 1

‎12-03-2021 12:34 AM - edited ‎12-03-2021 12:35 AM

I have a WLC 3504 that has interface assigned to it named Cisco 1 with SSID also assigned as Cisco 1.  When i connect a client i receieve an external ISP portal for authentication.  This SSID with interface works.

 

Im required to create a new SSID, named Cisco 2 with a new interface also named Cisco 2 but when i match the security profile of none, from working SSID, i do not get a external ISP portal for authentication but do get sent to the ISP webpage which states an error and cannot proceed.  The client receives an IP address from the WLC perspective but the client cycles from connect to not connect, as authentication cannot take place.

 

When i assign interface Cisco 2 to SSID Cisco 1 this also works.  I see an external ISP portal ready for authentication.

 

I tried altering the security profle to include wpa + wpa2 but no luck.  Without a PSK password.  DHCP ip addresses are correct.

 

WLC > SWITCH > ROUTER > EXTRENAL

 

The WLC is trunked to the switch.  A default route to reach the router.  The router has a staic entry to reach the DHCP server. Policy map on ingress port from switch to allow the subnet range of the new dhcp pool.

 

I think the issue is with the configuration at the WLC.  As adding the working interface to new ssid works.  Any ideas to try?

 

 

Labels:
0 Helpful
3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

‎12-03-2021 01:19 AM

You may need to review both configurations.

 

i will check below :

 

1. what is the cisco1 IP address 

2. what is the Cisco2 IP address for the interface

3. Do you have any NAT, then you need to allow cisco 2 IP and a new SSID DHCP pool address for accessing the portal.

 

Testing.

You know Cisco 2 Interface IP address, configured your PC with same range IP and try to access external web portal for authentication is that works?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Barry Landon
Level 1
Level 1
In response to balaji.bandi

‎12-03-2021 09:05 AM

I actually did that test. I have my laptop and gave it IP address in subnet
range of Cisco 2. When I go to google.com I'm direct to the ISP portal but
with an error message. Gives the impression they are wanting an additional
step to authorise their portal.


0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Barry Landon

‎12-03-2021 05:38 PM 

Gives the impression they are wanting an additional
step to authorise their portal.

not sure what this process, as long Change of Auth, wireless is handover there to next level i assume. this require more investigation by comparing with working one.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card