Cisco 5500 Wireless controller

opnineopnine · ‎07-31-2014

Hello,

I have an issue with my guest access, when they access the ssid from the wifi, they try to go to www.google.com and the login portal (1.1.1.1) is not showing.

If I put manually 1.1.1.1 some times the web page will open and some times it will not open.

Any ideas?

Thanks.

Sandeep Choudhary · ‎07-31-2014

HI,

If it connects to IP but will not resolve a name means its definitely a DNS problem.

Check the cleints are getting DNS server details that its pingable and that the WLC/firewall etc are passing DNS traffic etc..

Regards

opnineopnine · ‎08-01-2014

Hi all,

The version I have is 7.4.12.0 and the issue is that sometime the 1.1.1.1 will work manually and sometimes it will not even open.

Thanks.

Matteo Comisso · ‎08-01-2014

Hi,

using the web gui, check into "Controller > Interfaces > virtual" if "DNS Host Name" is filled or not. If it is, then the guest clients will have to be able to resolve that name with 1.1.1.1 (usually with an A record in the provided DNS).

In the WLAN configuration, are you using a "Preauthentication ACL"? If so, please put 1.1.1.1 as allowed.

Have you tried with different browsers? The page at 1.1.1.1 is an https resource, with a self signed certificate that some browsers could not love so much :)

Best regards,

Matteo

mohanak · ‎08-01-2014

On WLC versions earlier than 3.2.150.10, you must manually enter https://1.1.1.1/login.html in order to navigate to the web authentication window.
The next step in the process is DNS resolution of the URL in the web browser. When a WLAN client connects to a WLAN configured for web authentication, the client obtains an IP address from the DHCP server. The user opens a web browser and enters a website address. The client then performs the DNS resolution to obtain the IP address of the website. Now, when the client tries to reach the website, the WLC intercepts the HTTP Get session of the client and redirects the user to the web authentication login page.
Therefore, ensure that the client is able to perform DNS resolution for the redirection to work. On Windows, choose Start > Run, enter CMD in order to open a command window, and do a “nslookup www.cisco.com"; and see if the IP address comes back.
On Macs/Linux: open a terminal window and do a “nslookup www.cisco.com"; and see if the IP address comes back.
If you believe the client is not getting DNS resolution, you can either:
- Enter either the IP address of the URL (for example, http://www.cisco.com is http://198.133.219.25)
- Try to directly reach the controller's webauth page with https://<Virtual_interface_IP_Address>/login.html. Typically this is http://1.1.1.1/login.html.
Does entering this URL bring up the web page? If yes, it is most likely a DNS problem. It might also be a certificate problem. The controller, by default, uses a self-signed certificate and most web browsers warn against using them.

Abha Jha · ‎08-05-2014

Try changing method list for CWA to dot1x/group

Enable Fast SSID Change

On the Wlan Advanced tab: disable client timeout, client exclusion, MFP, Aironet IE