I have set up a WLC in the DMZ (anchor) and created EoIP tunnels with foreign WLCs.
My users can obtain an IP address given by the anchor WLC, but they are not redirected to the authentication portal hosted on the anchor WLC.
- The DNS servers are the ones from Google (184.108.40.206). I cannot do an nslookup on 220.127.116.11 (this explains why the user is not redirected to the auth page).
- I can reach the auth page by typing the IP address of the virtual IP (https://x.x.x.x/login.html) and I can successfully login.
- But even after being authenticated, I cannot do anything, no access to Internet (even by typing IP addresses of the websites) nor do any nslookup.
- When I am authenticated, I can successfully ping the "guest" interface of my Anchor WLC.
I have already built 2 other similar setups for other regions of the world and they work perfectly. Do you have any idea where the problem can come from?
I am running 18.104.22.168 on the anchor WLC (5508) and 22.214.171.124 on the foreign WLC (5508).
Many thanks for your help!
If you can reach your gateway (dynamic interface) after you manually web-auth redirected, then it sounds like these clients just don't have internet access. I would highly suggest looking at the next hop and making sure you can ping successfully with a ping sourced from the applicable vlan/network. The symptoms you describe just sound like lack of internet connectivity.
1. You have an IP
2. You can't nslookup (i.e. DNS queries are either not making it to DNS server, or answers are not coming back)
3. You can reach default gateway (wired dynamic interface gateway); so WLC is out of the picture at this point
Since you can't nslookup, but you can reach your wired gateway, definitely focus on internet connectivity for this subnet/vlan. This is not a wireless problem. Perhaps this is a "new" network scheme added and you have not adjusted your NAT ACL statements to properly NAT this new network? Firewall not allowing traffic to pass or return?