Wireless Guest Access DNS issue

ms.nfm · ‎06-24-2009

Hello!

I am really stuck on a DNS issue we have with our Wireless Guest Access setup.

Hope to keep it as short as possible..

Setup with one anchor controller v5.2.178.0 centrally placed in our DC and several controllers placed on site at our offices. The guest wlan has been setup and mobility groups are up/up.

The anchor controller has been setup with a dhcp scope with isp dns servers.

I made a custom web-auth page and successfully uploaded.

I also installed a web-auth certificate with the right CN that meets my virtual interface domain hostname.

When i make connection and try to surf my redirect doesn't work. When i then delete the hostname on the virtual inteface and just setup 1.1.1.1 the redirect works when i enter 1.1.1.1. Redirect then for and external url like for example google.com doens't work while the ext ip of a url redirects succesfull.

I setup the 1.1.1.1 on my internal dns server but i acctually don't know how this resolving takes place because you don't setup internal dns servers..

Also i checked the whole path after the controlllers to the internet and my dns request to the outside world is successfull so it seems a local resolving issue on my controller.

Hope anybody could help me out because i am stuck on this..

Kind Regards,

Bas

dennischolmes · ‎06-24-2009

Insure that the client actually is showing on the anchor controller. If not, then your EoIP tunnel isn't up. Eping and Mping to verify that the tunnel is up. If you can Eping and Mping the tunnel is up and you likely are suffering from a known bug issue. Look up CSCsu82045 and I'm sorry to say that in 5.2 there is no work around.

ms.nfm · ‎06-24-2009

Client is showing up on my anchor controller and i see traffic in my firewall for the EoIP tunnel. Status of the tunnel isn't the issue.

And my controller is running a newer software release where the bug was resolved.

Also as i stated before the redirect works when entering the vip or public ip nr in the browser. Hope someone can/will assist.

Cheers, Bas

weterry · ‎06-24-2009

Correct me if I'm wrong, but it isn't your clients DNS to the outside world that is a problem, it is that you assigned a dns name to your virtual IP?

If I understand what you're saying though, you are providing these clients with public dns servers, so they will not be able to resolve the dns name assigned to your virtual interface.

In order to have a dns on your virtual interface, you're going to need to specify your clients dhcp to provide the internal dns servers (and allow for proper routing). Otherwise, you'll have to get rid of the dns name on the virtual interface.

Or are you saying that the clients can't resolve any dns?

ms.nfm · ‎06-25-2009

Yeah you are right in a way.

When i assign a DNS name to the VIP address the redirect doesn't work.

When i delete the hostname and just fill in 1.1.1.1 the redirect works directly to the VIP address BUT: when i then try to connect to for exmaple google.com dns also doesn't work, redirect only works when entering public ip's. But i am sure the route to the internet works because i see traffic going out to the right dns server of my isp. Maybe someone could explain how resolving of the VIP hostname works because i can't setup any dns servers on my management interface. I should say for the clients that only public dns servers should be needed.

matthew.mckenna · ‎06-26-2009

just use the 1.1.1.1 not anything else...or ask your isp to put in an A record for 1.1.1.1 j/k