Hey guys, maybe someone can help me with my problem with captive portal.
I have a controller that has several VLANs.
Example:
VLAN 1, 10.56.1.40
VLAN 2, 100.56.120.40 Employee
VLAN 3, 172.16.1.40 Guest
Port is set up as 1 native and also allows 2 and 3.
Depending on the SSID, it will place the client into the appropriate vlan and the client grabs a correct IP. The controller is not the DHCP server.
My Employee clients are able to 802.1X authenticate and it is all good.
My Guest clients can get an IP and just sit there. I “CAN” ping anything on the network. But when I try to http or https, the redirect does not work. I can apply Any any any to the top of the ACL and I can reach everything. So my dstNating is not working with the redirect.
Another tidbit, if I:
Create VLAN 4 192.168.1.1
Enable src nat
Do not add to the trunk port
Create a DHCP Scope, 192.168.1.2-254
Apply this to the guest VAP
Captive portal will work, but this is not how we want it.
I am using guest-logon and guest as my roles.
user-role guest-logon
  access-list session logon-control
  access-list session captiveportal
!
user-role guest
  access-list session http-acl
  access-list session https-acl
  access-list session dhcp-acl
  access-list session icmp-acl
  access-list session dns-acl
ip access-list session logon-control
  user any udp 68 deny
  any any svc-icmp permit
  any any svc-dns permit
  any any svc-dhcp permit
  any any svc-natt permit
ip access-list session captiveportal
  user alias controller svc-https dst-nat 8081
  user any svc-http dst-nat 8080
  user any svc-https dst-nat 8081
  user any svc-http-proxy1 dst-nat 8088
  user any svc-http-proxy2 dst-nat 8088
  user any svc-http-proxy3 dst-nat 8088
Anything would be great, thanks.
Also, what is the URL of the captive portal page? Can this URL be reached by computers already on the network?