WLC ISR G2 guest access web redirect local auth

Unanswered Question
Oct 24th, 2013
User Badges:

Hello,


Some background:

WLC 7.4.100.60 on 2911 ISR G2

This router is placed on an external datacenter and connected to remote site (where are the APs) by a provider VPN. No nat, routing is OK.


WLC (on 2911) == local router at remote site == local APs


Local AP :

AIR-LAP1041N-E-K9

7.4.100.60

Flex connect mode


This setup is fully fonctionnal with "classic" WLAN (WPA WLAN for example).


We want to setup, guest WLAN with local switching (Flex connect local switching mode + local DHCP + central auth by internal WLC Web auth, local user). Simple setup.


WLC has only two interface:

Management Int

Virtual int


The virtual int interface has 192.0.2.1 ip and there is no route to this IP.

Management Interface is routed and available from remote site.


AP at remote site is connected to WLC. We are able to deploy WLAN to it.


We create a WLAN no layer 2 security and layer 3 web policy + authentication + flex connect local switching + local DHCP (local server at remote site)..


This guest Wlan is successfully deployed to the AP at remote location.


We connect to the WLAN at remote location, are redirected to https://192.0.2.1/login.html?redirect=www.google.fr/ has it should for example and .... nothing.

Local packet capture show syn packet but no response from there.

Client is on WEBAUTH_REQD on WLC.


Debug on WLC used :


debug client MAC

debug pm ssh-tcp enable

debug pm ssh-appgw enable

debug pm rules enable

debug pm config enable

show client detail MAC

debug pem event enable

debug pem state enable


Troubleshooting debug used at WLC show no https request. It seems that it never make it to the WLC.

Following debug strategy of cisco doc we have no sshpmAddWebRedirectRules logs for example. Trying to reach login page produce no logs.


Last logs is


How client guest PC is able to reach this Virtual interface ? CAPWAP encap by the AP to the WLC management IP ?

No route is needed to this Virtual IP on this kind of setup ?


Thanks in advance for your time.


Best regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion

Related Content

 

 

Trending Topics - Security & Network