Hi, Guys,
We created a Captive Portal SSID, but the user cannot see the Portal. All Internet website is denied. If we change the AAA Initial Role from guest-logon to guest, it was able to open Internet websites.
The user can resolve DNS, ping external address, but cannot open a website and cannot ping the controller IP. From controller I can ping the device IP.
It's a tunnel SSID. The DHCP and Gateway are an external device (PA firewall).
Follow the config:
user-role "XXX Public-guest-logon"
captive-portal "XXX Public-cp_prof"
dpi disable
web-cc disable
access-list session global-sacl
access-list session "apprf-XXX Public-guest-logon-sacl"
access-list session logon-control
access-list session captiveportal
!
aaa profile "XXX Public-aaa_prof"
initial-role "guest-logon"
!
aaa authentication captive-portal "XXX Public-cp_prof"
server-group "XXX Public_srvgrp-xve68"
protocol-http
!
wlan ssid-profile "XXX Public-ssid_prof"
essid "XXX Public"
ht-ssid-profile "XXX Public-htssid_prof"
!
wlan virtual-ap "XXX Public-vap_prof"
aaa-profile "XXX Public-aaa_prof"
ssid-profile "XXX Public-ssid_prof"
vlan 954
!
What kind of troubleshooting can we do?
Regards,
Paulo R.