Windows 7 with WLC and guest access

Unanswered Question
Apr 9th, 2010
User Badges:
  • Bronze, 100 points or more

AIR-WLC4402-25-K9 running 5.2.193.0 and I setup guest internet-only access which worked for 2 days. I change both the "User Idle Timeout (seconds)" and "Enable Session Timeout " to 10hours (36000) as guest was complaining he had to re-authenticate again. Anyways, guest was still able to pickup ip address and logs show that life "appears" fine but he had not internet guest access. He had a Windows7 box...anyways, before I can finish troubleshooting, he had to leave....My question is if there is any issues with Windows 7 that others had a problem...or is it the timers I tweaked  - or both?



Thu Apr 8 15:19:06 2010User joe logged in. Client MAC:00:12:f0:99:71:ce, Client IP:192.168.55.110, AP MAC:00:00:00:00:00:00, AP Name:N/A
15Thu Apr 8 15:09:28 2010User joe logged in. Client MAC:00:12:f0:99:71:ce, Client IP:192.168.55.107, AP MAC:00:00:00:00:00:00, AP Name:N/A
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pmchandler Thu, 03/03/2011 - 08:42
User Badges:

This has probably been resolved now but for what its worth, here is how we solved a similar problem...


Windows Vista and Windows 7 both have a feature called Windows Intelligent Internet.


This intelligent behaviour does indeed  relate to both Windows 7 and Vista.  Full  details of how this functionality works can be found at the following Technet  links:

Windows 7

http://technet.microsoft.com/en-us/library/ee126135(WS.10).aspx

Vista

http://technet.microsoft.com/en-us/library/cc766017(WS.10).aspx

To work around this Microsoft describe  how to use Group Policy to turn off this feature.  As Group Policy cannot be  applied to guest PCs, allowing the traffic specifically related to this feature  through the WLAN controller and firewall will stop the PC issues you have seen  but still retain the requirement for users to accept the splash screen before  having access to the internet.

This can be achieved by creating a  Pre-authentication ACL on the Guest WLAN  interface:-

Configure a  preauthentication ACL on the WLAN to allow wireless clients to  allow:-

1.       Permit DNS resolution (UDP/53) to  213.199.181.90

2.       Permit TCP port 80 to  131.107.255.255

Actions

This Discussion

 

 

Trending Topics - Security & Network