Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cisco 5500 Wireless controller

Hello,

 

I have an issue with my guest access, when they access the ssid from the wifi, they try to go to www.google.com and the login portal (1.1.1.1) is not showing.

 

If I put manually 1.1.1.1 some times the web page will open and some times it will not open.

 

Any ideas?

 

Thanks.

5 REPLIES
VIP Purple

HI,If it connects to IP but

HI,

If it connects to IP but will not resolve a name means its definitely a DNS problem.

Check the cleints are getting DNS server details that its pingable and that the WLC/firewall etc are passing DNS traffic etc..

 

Regards

Community Member

Hi all, The version I have is

Hi all,

 

The version I have is 7.4.12.0 and the issue is that sometime the 1.1.1.1 will work manually and sometimes it will not even open.

 

Thanks.

Community Member

Hi,using the web gui, check

Hi,

using the web gui, check into "Controller > Interfaces > virtual" if "DNS Host Name" is filled or not. If it is, then the guest clients will have to be able to resolve that name with 1.1.1.1 (usually with an A record in the provided DNS).

In the WLAN configuration, are you using a "Preauthentication ACL"? If so, please put 1.1.1.1 as allowed.

Have you tried with different browsers? The page at 1.1.1.1 is an https resource, with a self signed certificate that some browsers could not love so much :)

Best regards,

Matteo

Cisco Employee

On WLC versions earlier than

  1. On WLC versions earlier than 3.2.150.10, you must manually enter https://1.1.1.1/login.html in order to navigate to the web authentication window.

    The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.

  2. Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a “nslookup www.cisco.com"; and see if the IP address comes back.

    On Macs/Linux: open a terminal window and do a “nslookup www.cisco.com"; and see if the IP address comes back.

    If you believe the client is not getting DNS resolution, you can either:

    Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.

Cisco Employee

Try changing method list for

Try changing method list for CWA to dot1x/group

Enable Fast SSID Change

On the Wlan Advanced tab: disable client timeout, client exclusion, MFP, Aironet IE

103
Views
0
Helpful
5
Replies
CreatePlease to create content