I was using Document 100787 as a guide.
1. I have 1252 & 1142 AP's connected to the Wism (126.96.36.199 code)
2. FWSM I have a 4402 (188.8.131.52 ) appliance connected as my anchor.
3. ACS is ver 4.2
All of my wireless networks function as expected. I see the successful auth in ACS. I just built a new WPA2 network and set it up to use Splash screen redirect. It doesn't seem to matter what I do it just wont work. IE or Mozilla.
Test 1 was to drop the users at the wism. There was no splash screen.
There was no evidence of my url-redirect in the wireshark trace.
Test 2 used the 4402 as my anchor point with the same results.
In both cases the client was authenticated and was able to navigate the internet and other duties. The problem is apon opening the broswer there is no redirect.
Any thoughts ?
I am not sure I understand what you are trying to accomplish. Typically you do not configure L2 encryption such as WPA/2 on web authentication SSIDs. This is because it is difficult to manage L2 encryption on networks intended for guest use or non domain users. If this SSID is for guest/non domain users I would use a PSK and provide that to end users if you need to use L2 encryption. If this is for domain users I would normally use 802.1x for authentication via EAP-TLS or PEAP.
Yes this is a WPA2 AES /802.1x Network. Management has dictated that there must be a splash screen that comes up. Cisco states that this can be done. However I have yet to see how .
I assume you have already enabled the web auth on the SSID under L3 security. Once you are able to auth using L2 can you type the virtual interface IP address of the wlc? It is usually 184.108.40.206 or whatever you chose on install. Issues like this are usually related to DNS. The wireless client must be able to look up DNS names for the web redirect to work. If you are able to pull the splash page with the IP address then it fairly certain you have a DNS issue.
layer 2 WPA2 Policy
SPlash Page Web Redirect
Yes DNS works
Once the client has an IP and opens the browser they pull up the internet site. Just no splash screen
Are you able to pull the splash page directly by the virtual IP address? Also, have you had the same result when you set L3 to authentication rather than splash page?
I would try https://220.127.116.11 as well just for testing. The only thing I can think of is that since the WLC already sees the client as authenticated it does not route to the splash page. If you force L3 to require authentication as well does the WLC then present the page and request a password?
Have you tried creating a new ssid tied to the same dynamic interface using web splash only? This would at least prove if the wlc is serving up the page properly at all.
HUmmm... Did you anchor the anchor to itself?
Please mark the Question as Answered, if the provided information is correct and it helped. By doing that others can take benefit as well.
Community Manager – Wireless