Hello,
1. VLAN is configured on controller (VID 11)
2. IP is assigned to this VLAN, 192.168.20.1/24
3. DHCP is enabled
4.
(USPHXNRFW101) #show rights CUST_guest-logon_init_role
Derived Role = 'CUST_guest-logon_init_role'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 65/0
Max Sessions = 65535
Captive Portal profile = Cust_GuestAccess_RAP
access-list List
----------------
Position  Name           Type     Location
--------  ----           ----     --------
1         logon-control  session
2         captiveportal  session
logon-control
-------------
Priority  Source  Destination  Service   Action  TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------   ------  ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         user    any          udp 68    deny                             Low                                                           4
2         any     any          svc-icmp  permit                           Low                                                           4
3         any     any          svc-dns   permit                           Low                                                           4
4         any     any          svc-dhcp  permit                           Low                                                           4
5         any     any          svc-natt  permit                           Low                                                           4
captiveportal
-------------
Priority  Source  Destination  Service          Action        TimeRange  Log  Expired  Queue  TOS  8021P  Blacklist  Mirror  DisScan  ClassifyMedia  IPv4/6
--------  ------  -----------  -------          ------        ---------  ---  -------  -----  ---  -----  ---------  ------  -------  -------------  ------
1         user    controller   svc-https        dst-nat 8081                           Low                                                           4
2         user    any          svc-http         dst-nat 8080                           Low                                                           4
3         user    any          svc-https        dst-nat 8081                           Low                                                           4
4         user    any          svc-http-proxy1  dst-nat 8088                           Low                                                           4
5         user    any          svc-http-proxy2  dst-nat 8088                           Low                                                           4
6         user    any          svc-http-proxy3  dst-nat 8088                           Low                                                           4
Other observations that may help...
I changed to tunnel mode instead of split-tunneling. I got an IP address in the range specified for the VLAN assigned for this captive portal. I was successfully redirected to the CP splash page and authenticated. Although I could not browse the Internet (I probably need to open more rules and/or create rules at the upstream firewall), CP is working. I just can't get this DHCP to work.
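
Added example, not part of the original post: a first-match model of the two session ACLs listed above, for checking which rule a given packet hits in this role. The port numbers behind the svc-* names, the simplified handling of the "user" and "controller" aliases, and the implicit deny at the end are assumptions based on common ArubaOS defaults; the sample packets are constructed.

```python
# Added example: first-match walk over the role's ACLs in position order.
# Port numbers for the svc-* aliases are ASSUMED defaults, not taken from the post.
SERVICES = {
    "udp 68": ("udp", {68}),
    "svc-icmp": ("icmp", None),
    "svc-dns": ("udp", {53}),
    "svc-dhcp": ("udp", {67, 68}),
    "svc-natt": ("udp", {4500}),
    "svc-http": ("tcp", {80}),
    "svc-https": ("tcp", {443}),
    "svc-http-proxy1": ("tcp", {3128}),
    "svc-http-proxy2": ("tcp", {8080}),
    "svc-http-proxy3": ("tcp", {8888}),
}
# (acl, priority, source, destination, service, action) as shown by "show rights".
RULES = [
    ("logon-control", 1, "user", "any", "udp 68", "deny"),
    ("logon-control", 2, "any", "any", "svc-icmp", "permit"),
    ("logon-control", 3, "any", "any", "svc-dns", "permit"),
    ("logon-control", 4, "any", "any", "svc-dhcp", "permit"),
    ("logon-control", 5, "any", "any", "svc-natt", "permit"),
    ("captiveportal", 1, "user", "controller", "svc-https", "dst-nat 8081"),
    ("captiveportal", 2, "user", "any", "svc-http", "dst-nat 8080"),
    ("captiveportal", 3, "user", "any", "svc-https", "dst-nat 8081"),
    ("captiveportal", 4, "user", "any", "svc-http-proxy1", "dst-nat 8088"),
    ("captiveportal", 5, "user", "any", "svc-http-proxy2", "dst-nat 8088"),
    ("captiveportal", 6, "user", "any", "svc-http-proxy3", "dst-nat 8088"),
]
CONTROLLER = "192.168.20.1"  # VLAN 11 address from the post; stands in for the alias

def evaluate(from_user, dst, proto, dport=None):
    """Return (acl, priority, action) of the first matching rule, else implicit deny."""
    for acl, prio, src, dst_alias, svc, action in RULES:
        want_proto, ports = SERVICES[svc]
        if (src == "user" and not from_user) or (dst_alias == "controller" and dst != CONTROLLER):
            continue
        if proto == want_proto and (ports is None or dport in ports):
            return acl, prio, action
    return None, None, "deny"

# Constructed sample packets: (from_user, destination IP, protocol, destination port)
SAMPLES = {
    "client DHCP DISCOVER": (True, "255.255.255.255", "udp", 67),
    "user acting as DHCP server": (True, "192.168.20.50", "udp", 68),
    "HTTP to internet": (True, "203.0.113.10", "tcp", 80),
    "SSH to internet": (True, "203.0.113.10", "tcp", 22),
}
if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, "->", evaluate(*pkt))
```

Under these assumptions a client's DHCP DISCOVER (destination UDP 67) passes rule 1 and is permitted by rule 4 of logon-control, while rule 1 only drops user-sourced traffic to UDP 68.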