Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Webauth with Flexconnect APs and locally switching WLAN



I have a customer who is running version 7.4  on a Cisco 5508 wireless LAN controller together with 1602 APs deployed across a number of sites.  They have all the APs set up in Flex mode and are currently locally switching all their wlan's onto a local VLAN, which all works fine.  They have recently requested to enable a guest WLAN with internal web authentication and allow the traffic to break out locally at the AP end with a seperate ADSL internet connection.  

With no authentication users are able to get access to the internet and when web authentication is enabled users do not get redirected for authentication.  However when you manually enter the address of the virtually interface ( you get presented with the webauth splash page.   I have tried a couple of combination with no real luck:

  • centralised DHCP and locally DHCP server from the firewall 
  • Enable and disabling NAT-PAT

Does anyone have this working and are there any particular config or software versions required?


Thanks in advance

Everyone's tags (1)

This should work perfectly

This should work perfectly fine on any 7.4 release your customer is running.  I have this configured in my lab right now and it is working fine, on both and  I'm pretty sure this works since 7.0 or possibly earlier.

The fact that you can "manually" redirect to the splash page indicates that the client is not able to perform a DNS query successfully.  Without DNS, the client will never attempt to form a TCP session to a remote web server, thus the WLC has nothing to intercept and redirect the client.

Try connecting the client, and while they're in the WebAuth_REQD state, have the client open the CMD prompt and perform an nslookup and try to resolve some public URLs.  If this doesn't work, which it probably won't based upon your description, to make your life easier, place a test client on the same "VLAN" as your guests should be getting, via a "WIRED" connection.  Work on resolving DNS resolution that way, to make it less convoluted.

Once the client is successfully resolving DNS on the same VLAN the guests will be using, then try your wireless client to see if they redirect.



New Member

Hi Did you get this resolved?



Did you get this resolved? i have the same issue