09-27-2017 06:30 AM
We created a Captive Portal SSID, but the user cannot see the Portal. All Internet website is denied. If we change the AAA Initial Role from guest-logon to guest, it was able to open Internet websites.
The user can resolve DNS, ping external address, but cannot open a website and cannot ping the controller IP. From controller I can ping the device IP.
It's a tunnel SSID. The DHCP and Gateway are an external device (PA firewall).
Follow the config:
user-role "XXX Public-guest-logon"
captive-portal "XXX Public-cp_prof"
access-list session global-sacl
access-list session "apprf-XXX Public-guest-logon-sacl"
access-list session logon-control
access-list session captiveportal
aaa profile "XXX Public-aaa_prof"
aaa authentication captive-portal "XXX Public-cp_prof"
server-group "XXX Public_srvgrp-xve68"
wlan ssid-profile "XXX Public-ssid_prof"
essid "XXX Public"
ht-ssid-profile "XXX Public-htssid_prof"
wlan virtual-ap "XXX Public-vap_prof"
aaa-profile "XXX Public-aaa_prof"
ssid-profile "XXX Public-ssid_prof"
What kind of troubleshooting can we do?
Solved! Go to Solution.
Re: Captive Portal SSID not working
09-27-2017 08:01 AM
Yes. We changed just to test. But "guest-logon" and "XXX Public-guest-logon" has the same policies...
This is not the problem, unfortunately. Have another idea?
Even if the problem is external of the Controller. Where can we look in these cases?