09-17-2013 08:05 AM
I'm working in my lab to set up centralized guest egress where I build the vlan on the site controller and gre tunnel that to the data center where the guest vlan (and guest firewall lives).
I have that pretty much working. My client gets a guest vlan IP address, but he's not forced to the captive portal. Open to suggestions there.
However...I'm thinking of traffic like Airplay...since my L3 address is at the data center, that's gonna suck.
Is there a way I have the L3 address on my site controller and still tunnel MOST of the traffic back to the data center controller. And then leak Airplay type traffic out to the site LAN?
09-17-2013 08:22 AM
If you aren't seeing the captive portal it's likely a 'trust' issue. Ensure/double check that when the users pop up at the centralized controller they are untrusted first and that should kick off the captive portal with a logon-style role.
09-18-2013 04:04 AM
Is DNS resolution for public websites happening for the guest clients - this is a prerequisite for captive portal and time and again people forget this.