09-24-2010 11:07 AM - edited 07-03-2021 07:13 PM
I was using Document 100787 as a guide.
1. I have 1252 & 1142 AP's connected to the Wism (6.0.188.0 code)
2. FWSM I have a 4402 (6.0.188.0 ) appliance connected as my anchor.
3. ACS is ver 4.2
All of my wireless networks function as expected. I see the successful auth in ACS. I just built a new WPA2 network and set it up to use Splash screen redirect. It doesn't seem to matter what I do it just wont work. IE or Mozilla.
Test 1 was to drop the users at the wism. There was no splash screen.
There was no evidence of my url-redirect in the wireshark trace.
Test 2 used the 4402 as my anchor point with the same results.
In both cases the client was authenticated and was able to navigate the internet and other duties. The problem is apon opening the broswer there is no redirect.
Any thoughts ?
09-24-2010 12:32 PM
09-29-2010 09:57 AM
I am not sure I understand what you are trying to accomplish. Typically you do not configure L2 encryption such as WPA/2 on web authentication SSIDs. This is because it is difficult to manage L2 encryption on networks intended for guest use or non domain users. If this SSID is for guest/non domain users I would use a PSK and provide that to end users if you need to use L2 encryption. If this is for domain users I would normally use 802.1x for authentication via EAP-TLS or PEAP.
09-29-2010 10:36 AM
Yes this is a WPA2 AES /802.1x Network. Management has dictated that there must be a splash screen that comes up. Cisco states that this can be done. However I have yet to see how .
09-29-2010 10:43 AM
I assume you have already enabled the web auth on the SSID under L3 security. Once you are able to auth using L2 can you type the virtual interface IP address of the wlc? It is usually 1.1.1.1 or whatever you chose on install. Issues like this are usually related to DNS. The wireless client must be able to look up DNS names for the web redirect to work. If you are able to pull the splash page with the IP address then it fairly certain you have a DNS issue.
09-29-2010 10:48 AM
layer 2 WPA2 Policy
WPA2 Encryption
Layer 3
Web Policy
SPlash Page Web Redirect
Yes DNS works
Once the client has an IP and opens the browser they pull up the internet site. Just no splash screen
09-29-2010 10:55 AM
Are you able to pull the splash page directly by the virtual IP address? Also, have you had the same result when you set L3 to authentication rather than splash page?
09-29-2010 10:50 AM
http://1.1.1.1 pulls up nothing but an unknown page
( time out )
09-29-2010 11:02 AM
I would try https://1.1.1.1 as well just for testing. The only thing I can think of is that since the WLC already sees the client as authenticated it does not route to the splash page. If you force L3 to require authentication as well does the WLC then present the page and request a password?
09-29-2010 11:44 AM
I do get the site certificate error page and then I click past it. It bombs out with page not found.
09-29-2010 11:58 AM
Have you tried creating a new ssid tied to the same dynamic interface using web splash only? This would at least prove if the wlc is serving up the page properly at all.
09-29-2010 12:43 PM
That is exactly what I have done here. I'm also using a second ACS 4.2 server as well.
09-29-2010 01:50 PM
HUmmm... Did you anchor the anchor to itself?
09-25-2011 10:43 AM
Hello Michael,
Please mark the Question as Answered, if the provided information is correct and it helped. By doing that others can take benefit as well.
Thanks,
Vinay Sharma
Community Manager – Wireless
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: