Controller is vWLC 7.4, AP is 2600. Browser gets successfully redirected to 126.96.36.199, so DNS appears to work. However 188.8.131.52 does not respond. Wireshark in the client shows SYN frames but no response. I tried various debugs but nothing is shown on the WLC when the client attempts to reach the login page. 184.108.40.206 is not used in the local network and ends up at the default route. WLAN operates in central mode.
The browser works when web auth is disabled, but when enabled in either "authentication" or "passthrough" mode any attempts gets redirected to 220.127.116.11 and times out at that point. Telnet to 18.104.22.168:443 failed also.
Same on two different clients using different OS versions.
Connect a laptop to the vlan you are testing webauth or passthrough on.... if that machine can get an ip address and browser the internet, then everything on the wired side is fine and you need to look at maybe the configuration on the WLC.
Help out other by using the rating system and marking answered questions as "Answered"
I've tested it in two very different production VLANs having different DHCP servers. Any client connected to those VLANs, whether by Wifi or Ethernet, gets an IP address and can work normally. The Wifi client also works fine when L3 web policy is disabled. A client connected via AP successfully gets an IP address in any case. DNS resolution has been verified and the redirection to 22.214.171.124 also works. It's just the connection to 126.96.36.199 which fails, everything else up to this point appears to work.
BTW: Is there a way to test the availability of the authentication web server on the WLC, locally? I can ping 188.8.131.52 successfully, but this only verifies the interface, not the web server. Normally I'd try a telnet to 184.108.40.206:443, but did not find anything similar on the WLC.
Transferring Crash file from standby: Login to the Active WLC in HA.
From CLI: (Cisco Controller) >transfer upload datatype crash (Cisco
Controller) >transfer upload filename (Cisco
Controller) >transfer upload mode tftp (Cisco Controller) >transfer
This is the start of a display filter cross reference between Wireshark
and OmniPeek. The 1st installment is a table of advanced filters. More
filters will be added as time allows. It is a living doc, so check back
for changes every so often Please feel f...