Skipping Web Passthrough for a single client

Unanswered Question
Apr 13th, 2012
User Badges:
  • Silver, 250 points or more

Is it possible to set one client up so that it can go online and does not have to open up a web page and click on the "Accept" button?


Trying to get this working for Apple TV which does not have a browser.  So since until a client clicks on the "Accept" button no traffic is passed clients can't see the Apple TV and connect to it.  However I don't want to disable the web passthrough option for every one.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Scott Fella Fri, 04/13/2012 - 13:39
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Why not create a new SSID for the Apple TV and use AP Groups to specify what APs will broadcast that SSID. Well you will not broadcast it to the clients but the AP will have it:). Then map that SSID for Apple TV to the same subnet as the iPad users, etc. You can't exclude devices from webauth.


Thanks,


Scott Fella


Sent from my iPhone

Mohammad Ali Fri, 04/13/2012 - 15:29
User Badges:
  • Silver, 250 points or more

Unfortunately that is not possible due to our setup.  I do have a different SSID for the Apple TV and both SSID's are mapped to the same network.  However the issue is that the first SSID have "p2p blocking enabled" and second one doesn't.  So all the clients are connecting to that too.


What I tried was the following:


Setup MAC Filtering, then setup "MAC Failure Action" to go to the web pass through redirect page and added Apple TV's MAC to the allowed MAC list however.  That sort of works but the clients after they hit accept it just keeps bringing that page up and does not finish the authentication.

Scott Fella Fri, 04/13/2012 - 15:50
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

I don't know why SSID is doing what. What I'm saying is that you create a new SSID just for the Apple TV (I think it supports WPA2-AES psk) and then that would map to the same vlan as the iPad users. So the Apple TV and iPads would be on a seperate WLAN SSID.


Thanks,


Scott Fella


Sent from my iPhone

Mohammad Ali Fri, 04/13/2012 - 16:03
User Badges:
  • Silver, 250 points or more

Already done that but then the iPad users if they do not connec to the same SSID they won't be able to see the Apple TV because that particular SSID have "P2P Block Action" set to "Drop".

Scott Fella Fri, 04/13/2012 - 16:08
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Do you require that... If P2P is enabled and even if the Apple TV and iPads are on the same subnet, you are preventing the devices from communicating.


Thanks,


Scott Fella


Sent from my iPhone

Mohammad Ali Fri, 04/13/2012 - 16:11
User Badges:
  • Silver, 250 points or more

It is not enabled on the second SSID where Apple TV and the iPad users are connected


SSID1 -------------> 192.168.1.0/24 --------------> Regular guest users (p2p actions drop)

                                   |

SSID2 -------------> 192.168.1.0/24 --------------> Apple TV and users who are connecting to Apple TV only (p2p blocking disabled)

Scott Fella Fri, 04/13/2012 - 16:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

This is what I'm trying to describe:


SSID1 -------------> 192.168.1.0/24 --------------> Regular guest users (p2p actions drop)

|

SSID2 -------------> 192.168.1.0/24 --------------> Apple TV users who are connecting to Apple TV only (p2p blocking disabled)  WebAuth

|

SSID3 -------------> 192.168.1.0/24 --------------> Apple TV only (p2p blocking disabled) WPA2-AES psk

Mohammad Ali Fri, 04/13/2012 - 16:25
User Badges:
  • Silver, 250 points or more

Just tried that scenario too but iPad won't see the Apple TV still.


I'm just surprised that there is no option to exclude a client if we want and if there isn't how come that other scenario with the MAC filtering isn't working.  May be I should create a case with Cisco.

Scott Fella Fri, 04/13/2012 - 16:30
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Okay... do you have the following configured:


Multicast mode set to multicast

Global multicast enabled

IGMP Snooping enabled

Broadcast forwarding enabled

Scott Fella Fri, 04/13/2012 - 16:33
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

You also might have to do this on the switch.... depends if you still can't get the ipads to see the Apple TV:


https://supportforums.cisco.com/message/3519224#3519224

Mohammad Ali Fri, 04/13/2012 - 16:36
User Badges:
  • Silver, 250 points or more

No I'm going to configure that and test it next week and post back the results thank you for your help and if that does not work I'll try wiring it too and see if that helps.

Scott Fella Fri, 04/13/2012 - 16:38
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

No problem... I assumed that you had the multicast stuff already enabled.  Give it a try... there are other post regarding the Apple TV that you might want to look at, but it works with some configuration changes.

Mohammad Ali Mon, 04/16/2012 - 06:21
User Badges:
  • Silver, 250 points or more

Good morning Scott, just a quick question.  I have enabled all those.  But I do get a message that the multicast IP is reserved by IANA it might not work properly.  I have the IP set as 224.0.0.1.  Should I just ignore that message?

Stephen Rodriguez Mon, 04/16/2012 - 07:31
User Badges:
  • Purple, 4500 points or more

that address shouldn't be configured anywhere.  It is the address that a device will send packets too.  When you configure multicast in your network, you should use a 239.x.x.x address, as this is reserved for locally scoped multicast groups.  Think of it like an RFC 1918 address for the clients.


Steve

Mohammad Ali Tue, 04/17/2012 - 16:49
User Badges:
  • Silver, 250 points or more

Update, tried this with all the multicast settings configured on the WLC but still doesn't work if clients are on a different SSID.     

Scott Fella Tue, 04/17/2012 - 21:09
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Okay... So if they are on the same SSID it works?


Sent from Cisco Technical Support iPhone App

Scott Fella Wed, 04/18/2012 - 04:44
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Well I just tested my Apple TV and I put my iPhone and iPad on a different SSID but on the same subnet as the Apple TV and it worked for me.

Mohammad Ali Wed, 04/18/2012 - 05:36
User Badges:
  • Silver, 250 points or more

Yes but one of the SSID where clients are has p2p blocking enabled so when I try to connect to the Apple TV from the clients that are on the SSID where the p2p blocking is enabled they can't see the ATV. 

Scott Fella Wed, 04/18/2012 - 05:40
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 Wireless

Well that feature "P2P Blocking" is doing what it does. Not allowing communication with other wireless devices. You will need to remove that if you want the devices to communicate with the other devices... Apple TV.


Thanks,


Scott Fella


Sent from my iPhone

Actions

This Discussion