Cisco Support Community
DNS-Problem WLC guest-WLAN

Hi!

I have the following problem with a Cisco 2504 WLAN Controller.

A customer of mine bought a certificate (GlobalSign) for the guest WLAN. This certificate was successfully implemented by me.
But now I'm having problems with the DNS lookup (1.1.1.1 / wlan.mycustomer.de), because they don't have any DNS server in their WLAN network. This network is completely physically separated from their other networks. The WLAN clients are going straight to the router and internet respectively.

So I am not able to do a port forwarding of DNS via firewall into their main network.
The router is an AVM Fritzbox and unfortunately it is not possible to make any DNS host entries.

So what can I do? Any ideas?

They will not install any DNS server in this WLAN network!

Somebody told me that it is possible to make an A-record for the 1.1.1.1 at the provider's side where the domain is located. But to be honest, I don't know how this should work.

Thanks for any help!

4 REPLIES

DNS-Problem WLC guest-WLAN

You can request your provider to put in the A-record for you, and as it is linked to your customers domain, it should be fine.

The only thing I caution against is that IANA gave out the 1.x/8 subnet to a company.  So it is possible they could look out there and request that all records using their IP range be removed.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


DNS-Problem WLC guest-WLAN

So, does it make sense to change the virtual IP to 2.2.2.2, 3.3.3.3 or whatever instead of 1.1.1.1?

How do I know which IP is not given out by the IANA?

DNS-Problem WLC guest-WLAN

You can go and check the IANA website to see what addresses are not assigned.

But I would just use 192.0.2.x/24 as this is reserved for documentation.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered


DNS-Problem WLC guest-WLAN

If the guest traffic is going straight out to the Internet, then you need to be able to resolve the FQDN of the certificate to the VIP of the WLC.  If they don't have an external DNS server and you have to actually have the company who manages their external domain, make an entry for their FQDN of the certificate to be used.  The VIP now has to be tied to one of their public addresses.  This works, because I have had to do this many times because of either no company-owned external DNS server, they don't want to open a port on the FW to allow DNS internally, and/or the service provider will not add a bogus IP address in an A-record.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***
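
The checks discussed in the replies above, as an added example that is not part of the original thread or any Cisco tool: it classifies a candidate virtual IP (documentation range, private range, the customer's own public block, or someone else's public space) and verifies that the public A record for the certificate FQDN points at that virtual IP. The function names, the `public_dns` mapping and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Well-known reservations: RFC 5737 documentation blocks and RFC 1918 private blocks.
DOCUMENTATION = [ipaddress.ip_network(n) for n in
                 ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_vip(vip, owned_prefixes=()):
    """Return the kind of address space a candidate virtual IP falls in."""
    addr = ipaddress.ip_address(vip)
    if any(addr in ipaddress.ip_network(p) for p in owned_prefixes):
        return "owned-public"        # a public address of the customer
    if any(addr in net for net in DOCUMENTATION):
        return "documentation"       # e.g. 192.0.2.x, never routed on the Internet
    if any(addr in net for net in PRIVATE):
        return "private"
    return "foreign-public"          # may be allocated to another organisation


def review_vip(vip, cert_fqdn, public_dns, owned_prefixes=()):
    """Review a virtual IP plan. public_dns maps FQDN -> list of A records
    (hypothetical stand-in for what guests would get from public DNS)."""
    findings = []
    addr = ipaddress.ip_address(vip)
    records = public_dns.get(cert_fqdn.lower().rstrip("."), [])
    if not records:
        findings.append("no A record for %s: guests cannot resolve the "
                        "certificate name" % cert_fqdn)
    elif {ipaddress.ip_address(r) for r in records} != {addr}:
        findings.append("A record for %s does not match virtual IP %s"
                        % (cert_fqdn, vip))
    kind = classify_vip(vip, owned_prefixes)
    if kind == "foreign-public":
        findings.append("virtual IP is public space the customer does not "
                        "own: the holder could object to the record")
    elif kind in ("documentation", "private"):
        findings.append("virtual IP is %s space: per the thread, some "
                        "providers refuse to publish such a record" % kind)
    return kind, findings


if __name__ == "__main__":
    # Constructed sample: the thread's FQDN with a documentation-range virtual IP.
    sample_dns = {"wlan.mycustomer.de": ["192.0.2.1"]}
    for vip in ("1.1.1.1", "192.0.2.1"):
        print(vip, review_vip(vip, "wlan.mycustomer.de", sample_dns))
```
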