Re: WLC tcp port 80 access only

nmdc.kzstan · ‎04-05-2012

Hi,

One of the SSIDs in WLC 5500 (SV:7.2.103.0) is configured in web authentication mode. After authentication (local database) users can access

http sites and can't access, for example, https sites.

TIA

Scott Fella · ‎04-05-2012

Interesting. I know that guest users will not get the splash page if their home page is an https site, but from my experience, after logging in via webauth, you are allowed to go to any site unless filtered by something else. Best test is to connect a wired pc to the guest vlan and see if a wired device can or can't access an https site. Make sense?

Thanks,

Scott Fella

Sent from my iPhone

-Scott
*** Please rate helpful posts ***

daviwatk · ‎04-05-2012

I presume there are no ACLs in place for this WLAN? If so, please post them here so we can take a look.

What's in between your WLC/Clients and your ISP? Firewall, Proxy/Web Filer, IDS, etc?

If you take a packet capture from the WLC switchport (port-channel if lag), do you see a proper TCP handshake take place? I would find out what's going on with the flow of traffic if you don't see any indication from a device like listed above. As long as you can verify that the Client traffic has left the WLC, then you should investigate why it's not coming back.

Scott's suggestion above of testing a wired client would be your best bet to start with.