Wireless Access


Permit Youtube streaming in PreAuth Role

  • 1.  Permit Youtube streaming in PreAuth Role

    Posted Sep 03, 2018 01:43 PM

    I need to present a short video from YouTube while the captive portal is being used. The user has a PreAuth role... can see the YouTube page, but cannot play any stream at all.

    This is the config:

    !
    netdestination google
    name google.com
    !
    netdestination youtube
    name youtube.com
    !
    ip access-list session logon-control-youtube
    user any udp 68 deny
    any any svc-icmp permit
    any any svc-dns permit
    any any svc-dhcp permit
    any any svc-natt permit
    any network 169.254.0.0 255.255.0.0 any deny
    any network 240.0.0.0 240.0.0.0 any deny
    user alias youtube any permit
    user alias google any permit
    !
    user-role youtube_cp_logon
    access-list session logon-control-youtube
    access-list session captiveportal
    captive-portal YOUTUBE_cp_prof
    no openflow-enable

     

    Have I missed anything?



  • 2.  RE: Permit Youtube streaming in PreAuth Role

    MVP EXPERT
    Posted Sep 03, 2018 02:10 PM

    Do you see any traffic being denied in the datapath session? What version of code is this and do you have AppRF enabled?



  • 3.  RE: Permit Youtube streaming in PreAuth Role

    Posted Sep 03, 2018 03:09 PM

    The code version is 8.3 and AppRF is enabled.

    It is hitting the following in the show acl hits role command:

     logon-control-youtube            user  youtube              any                  permit                1         29          25561  ipv4

     



  • 4.  RE: Permit Youtube streaming in PreAuth Role

    EMPLOYEE
    Posted Sep 03, 2018 06:03 PM
    I would suggest getting a packet capture of a client passing traffic to the YouTube video without restrictions, to verify the source(s) that need to be contacted.

    It’s been a while since I’ve done this specifically, but two thoughts. 1) Allowing google.com will break captive portal detection for most Android devices, and Google places most services behind that domain. 2) Cloud video content usually comes from various sources and CDNs. Since it’s embedded in the browser content, it looks like google.com or YouTube.com to the user, but the actual sources requested or served will be different.
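
Added example, not part of the original thread or any poster's code: one way to act on the packet-capture suggestion above is to compare the hostnames a client resolves during unrestricted playback with the `name` entries in the pre-auth netdestinations. The observed hostnames are a constructed sample, and the rule that a `name` entry also covers its subdomains is an assumption to verify against the controller's actual matching.

```python
import re
from collections import defaultdict

# The netdestination blocks as posted in the thread.
ROLE_CONFIG = """\
netdestination google
name google.com
!
netdestination youtube
name youtube.com
!
"""

# Constructed sample: DNS query names exported from a capture of a client
# playing the video without restrictions, one hostname per line.
OBSERVED = """\
www.youtube.com
i.ytimg.com
rr1---sn-example.googlevideo.com
rr2---sn-example.googlevideo.com
fonts.gstatic.com
accounts.google.com
"""

def allowed_names(config):
    """Collect every 'name <fqdn>' entry from the netdestination blocks."""
    found = re.findall(r"^\s*name\s+(\S+)", config, re.M)
    return {n.lower().lstrip("*.") for n in found}

def is_covered(host, names):
    """Assumption: an entry covers the name itself and its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == n or host.endswith("." + n) for n in names)

def uncovered_by_domain(observed, names):
    """Group hosts the role would not permit by their parent domain."""
    gaps = defaultdict(set)
    for host in observed.split():
        host = host.lower().rstrip(".")
        if not is_covered(host, names):
            parent = ".".join(host.split(".")[-2:])  # naive: last two labels
            gaps[parent].add(host)
    return {domain: sorted(hosts) for domain, hosts in gaps.items()}

if __name__ == "__main__":
    names = allowed_names(ROLE_CONFIG)
    for domain, hosts in sorted(uncovered_by_domain(OBSERVED, names).items()):
        print(f"{domain}: {len(hosts)} host(s) not matched, e.g. {hosts[0]}")
```

Each parent domain reported is a candidate netdestination entry, and each one added widens what an unauthenticated client can reach before login.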