Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
395
Views
0
Helpful
1
Replies

Guest Anchor Controller DNS issues

eoinwhite
Level 1
Level 1

‎05-08-2009 06:21 AM - edited ‎07-03-2021 05:34 PM

Hi,

I have an anchor controller (4402) is running version 4.0.219.0 in our DMZ

The main service we use is a guest service which uses the anchor controller in the DMZ for access to the internet. Authentication is via the WEB re-direct feature. We currently have a subnet assigned to the Guest SSID with a 22 bit mask providing just over 1000 ip addresses to clients.

Change required (which were attemped).

1. Move the dhcp server to a dedicated dhcp server and off the anchor controller.

2. Increase the address space to /21 thereby providing about 2000 addresses for clients. (By changing the ip address mask on the SSID interface).

Problems

The provision of dhcp from the new dhcp server worked fine and clients were able to pick up dhcp addresses when they associated to the wireless SSID.

The problem was that only some clients were being re-directed to the web-redirect page for authentication. Any clients who were re-directed were able to authenticate correctly.

Diagnosis

It appears that only some client's dns requests were being passed on from the anchor controller. A capture of packets between the anchor controller and the DMZ firewall did not pick up dns packets from an assiocated and connected client even when running dns queries manually from the wireless client.

A reboot of the controller did not make any difference.

Is there any throttling effect on dns queries which may have being implemented on the anchor controller by default once the subnet mask was increased? I noticed authentication successes of about 1 a minute while normally we would see authentication rates of 1 every couple of seconds.

Are there any bugs or known reason why an interface mask of /21 would be problematic on the controller?

We had to roll back the changes to the original configuration in order to bring the service back on-line.

Labels:
0 Helpful
1 Reply 1

sachinraja
Level 9
Level 9

‎05-08-2009 09:05 AM

Hello Eoin

Where is the external dhcp server ? in the same DMZ or on the inside network ? we have a /19 subnet allocated to the guests and I dont foresee any throttling on the dns queries.. The connectivity anyway till the anchor controller is on EoIP, and is just like the client connecting onto a local controller..

laptops which had issues -> was the problem interim or its just that they are not able to get the web redirect page at all ?

Check the release notes for any bugs on this software:

http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn402190.html#wp170104

Raj

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card