Cisco Support Community

WLC ISR G2 guest access web redirect local auth

Hello,

Some background:

WLC 7.4.100.60 on 2911 ISR G2

This router is placed in an external datacenter and connected to the remote site (where the APs are) by a provider VPN. No NAT, routing is OK.

WLC (on 2911) == local router at remote site == local APs

Local AP:

AIR-LAP1041N-E-K9

7.4.100.60

Flex connect mode

This setup is fully functional with a "classic" WLAN (WPA WLAN for example).

We want to set up a guest WLAN with local switching (Flex connect local switching mode + local DHCP + central auth by internal WLC Web auth, local user). Simple setup.

WLC has only two interfaces:

Management Int

Virtual int

The virtual interface has the IP 192.0.2.1 and there is no route to this IP.

Management Interface is routed and available from remote site.

AP at remote site is connected to WLC. We are able to deploy WLAN to it.

We create a WLAN with no layer 2 security and layer 3 web policy + authentication + flex connect local switching + local DHCP (local server at remote site).

This guest Wlan is successfully deployed to the AP at remote location.

We connect to the WLAN at the remote location, are redirected to https://192.0.2.1/login.html?redirect=www.google.fr/ as it should, for example, and ... nothing.

Local packet capture shows the SYN packet but no response from there.

Client is on WEBAUTH_REQD on WLC.

Debug on WLC used :

debug client MAC

debug pm ssh-tcp enable

debug pm ssh-appgw enable

debug pm rules enable

debug pm config enable

show client detail MAC

debug pem event enable

debug pem state enable

Troubleshooting debugs used at the WLC show no HTTPS request. It seems that it never makes it to the WLC.

Following the debug strategy of the Cisco doc, we have no sshpmAddWebRedirectRules logs, for example. Trying to reach the login page produces no logs.

Last logs is

How is the guest client PC able to reach this virtual interface? CAPWAP encap by the AP to the WLC management IP?

Is no route needed to this virtual IP in this kind of setup?

Thanks in advance for your time.

Best regards
