Wireless Access

I am looking into why a client is unable to access a resource on one controller that he is able to access on a different local controller.  I verified that he has the same role on both controllers.  I monitored his session on both controllers and am seeing him get denied on one of them.  The firewall policy that should allow him access includes a netdestination with named entries.  Both controllers have DNS servers specified and include "ip domain lookup".  Both controllers can ping the named entry in the netdestination.  The only difference I can see is one controller is a 3600 and the other a 3200XM.

 

It appears as though the 3200XM isn't working with named entries in netdestinations.  I am working up a test today to confirm this is the case, but wanted to throw it out there to see if anyone has seen this before.  And to confirm, only a DNS server and "ip domain lookup" are required for named entries, right?

#3600

You should also be able to ping a dns name from the commandline of the controller to test if dns resolution is working.

Yep, that works.

Why don't you have the client reach the resource via ip address, so you can rule out name resolution, then?  If the client still cannot reach it, it is not name resolution, right?

Yeah, that's what I'm testing later today. I just thought I'd get some
feedback from others in case this was a known issue or limitation.

No limitation or obvious bugs.

 

Please check "show firewall dns-names" to see how that address is being resolved to see if the fqdn is being resolved to the same address on both platforms.  

Okay, cool.  I was looking for a command like that.  Thanks!

When I use that command, about half of the DNS names resolved.  Should all of them have resolved?

It should show up there after you attempt a resolution. The others could have aged out.

Ah okay.  I assumed they'd always be populated/fresh so they'd be immediately available when a netdestination is called upon by a firewall policy.