WLC web-authentication dependency on router IOS?

Unanswered Question
Jun 11th, 2010

Hello -

I have the following guest network setup....

                802.11           lwapp                      EoIP                        L2 trunk                       L2                   DSL

[wifi client] ) ) ) ))) [AP]-------------{local WLC}---------------[anchor wlc]-------------------[l3 switch]-----------[router]-----------------[internet]

                                                  4404                         4404                            3550                  1801                    

I am running version 4.2.207 on both the internal and anchor WLCs.    12.2.(25)seb4 on the 3550, and 12.4.11T2 on the 1801 router.  

All has been working fine.   A client associates to the AP, it's DHCP requests are placed in the LWAPP tunnel and directed over to the anchor WLC where it recieves it's DHCP address, then upon opening a browser is redirected to the virtual IP of the anchor WLC where it is served the web-auth splash screen. The user clicks "accept" and internet access is granted.

This a.m I upgraded my 1801 router to version 12.4(15)T13.   The upgrade took ok.   However, after the upgrade the client was no longer able to receive the web-auth screen.   The client associated to the AP ok and received it's DHCP address.   But the browser just hangs and comes back with "page not found".  

I am trying to understand what functionality that the web-auth process depends on would be affected by the 1801 IOS upgrade?   I did not think that the web-auth process would depend on the 1801 router.    Perhaps it's the ability to do a DNS lookup prior to providing the splash screen?   If so why would a new IOS version prevent that functionality?  The config and architecture did not change.  

Any thoughts or advice are appreciated.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
leejohns Mon, 06/14/2010 - 11:48


Changing the code on the router should have no affect on the web auth process at all unless like you mentioned, it blocked some access for some reason. If the anchored clients are getting the correct IP, show up as web auth required on the anchor WLC, etc, then all of that should be working correctly.  Are you able to perform an nslookup still from the guest clients?

What happens if you place a wired client on the 3550 or the 1801 in the same vlan as the guest wireless users? Can they access the Internet OK, etc?  If not, then you have completely removed the wireless from the equation.  If the wired test client works, then you will probably want to get a sniffer capture from the anchor WLC port to see what all is going into and out of the port.




This Discussion