cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
389
Views
0
Helpful
3
Replies

WLC Portal Authentication

Barry Landon
Beginner
Beginner

I have a WLC 3504 that has interface assigned to it named Cisco 1 with SSID also assigned as Cisco 1.  When i connect a client i receieve an external ISP portal for authentication.  This SSID with interface works.

 

Im required to create a new SSID, named Cisco 2 with a new interface also named Cisco 2 but when i match the security profile of none, from working SSID, i do not get a external ISP portal for authentication but do get sent to the ISP webpage which states an error and cannot proceed.  The client receives an IP address from the WLC perspective but the client cycles from connect to not connect, as authentication cannot take place.

 

When i assign interface Cisco 2 to SSID Cisco 1 this also works.  I see an external ISP portal ready for authentication.

 

I tried altering the security profle to include wpa + wpa2 but no luck.  Without a PSK password.  DHCP ip addresses are correct.

 

WLC > SWITCH > ROUTER > EXTRENAL

 

The WLC is trunked to the switch.  A default route to reach the router.  The router has a staic entry to reach the DHCP server. Policy map on ingress port from switch to allow the subnet range of the new dhcp pool.

 

I think the issue is with the configuration at the WLC.  As adding the working interface to new ssid works.  Any ideas to try?

 

 

3 Replies 3

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

You may need to review both configurations.

 

i will check below :

 

1. what is the cisco1 IP address 

2. what is the Cisco2 IP address for the interface

3. Do you have any NAT, then you need to allow cisco 2 IP and a new SSID DHCP pool address for accessing the portal.

 

Testing.

You know Cisco 2 Interface IP address, configured your PC with same range IP and try to access external web portal for authentication is that works?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I actually did that test. I have my laptop and gave it IP address in subnet
range of Cisco 2. When I go to google.com I'm direct to the ISP portal but
with an error message. Gives the impression they are wanting an additional
step to authorise their portal.


Gives the impression they are wanting an additional
step to authorise their portal.

not sure what this process, as long Change of Auth, wireless is handover there to next level i assume. this require more investigation by comparing with working one.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers