WAP321 - captive portal in 2 VLAN different
Hello
I have a Wap321 installed in my network. IP: 192.168.0.36 - VLAN 1
If I'm in the local network, I don't have any problem to use the wireless.
I just added a guest VLAN for people who need to connect Internet, without access to the network. So I install a second SSID and label with vlan 50. I can access the Internet. But if I want to active the captive portal, I can't access it because the address is in the VLAN 1 (or 192.168.0.36).
How can I configure my Wap321 having the captive portal in the VLAN 50, and not in the VLAN 1?
Thank you
Alex
Hi Alexander,.
For interVlan on ISA5510 setting, yes the same security settings is the first step to enable this function runs. This article will help you configure InterVlan routing.
https://supportforums.Cisco.com/thread/2035882
Tags: Cisco Support
Similar Questions
-
WAP321 captive portal - impossible to set up the guest network connection
Hello community.
I use two WAP321 with the latest Firmware (1.0.6.2) in a cluster.
Both are connected to a switch SG300-10 (FW: 1.4.1.3) in Mode of L3.
The switch is connected to a router RV130 (FW: 1.0.2.7).
The router has Inter-VLAN-routing active and static routes for my VLANS configured.
To one of the Interfaces of the router is a connected DNS/DHCP server that manages the resolution of names and the dynamic distribution of IP4 for my network.
In my network, I have different VLAN for customers, management, server, test and the WLAN clients.
So far so good.
I have install on the WAP321 cluster, an intern (VAP0) and a guest WLAN (VAP1) using the Setup Wizard.
Delivery of DHCP and DNS lookups are ok for two wireless LANs.
Settings WAP VLAN and IP4 address are:
-untagged VLAN: enabled
-untagged VLAN ID: e.g. 3
-Management VLAN ID: the same without tag VLAN ID
-IPv4 parameters are static in the ip range of the VLAN untagged
-DNS server are set to manual for a server in VLAN 4 and to 8.8.8.8
My problem is that I can connect to the WLAN comments but I never get the captive portal login screen.
The First-Instance Association captive portal is set to VAP1.
The Configuration of the Instance in captivity 'Vérification' is located in the local.
A group and users are configured.
The customer obtain an IP address in the host IP address range VLAN and can search names and IPS, e.g. www.cisco.com.
If I try to open a Web site, and then I get the message that the server did not respond.
Impatience on your part.
Best regards
Rainer.
That's great. I'm glad to hear that.
Eric Moyers
-
LAPN600 captive portal 401 errors
I have the following configuration:
- (2) LAPN600 APs with 3 ESSID configured, one of which is a captive portal.
- ANNUAL has the latest firmware and has been configured with this version of the firmware.
- The captive portal is on vlan 100and firewall rules allow access to ports 80 and 443 on the address of vlan native 1 to the captive portal landing page.
I discovered a problem where the user receives an "unauthorized 401 - Access denied" error immediately after the connection, trying to load the captive portal landing page. This happens on all types of devices (Windows, Andorid, iOS).
I don't think that it's a firewall rule because it is able to load the page with the error 401. There seems to be an internal bug in the AP, rejecting clients without any apparent reason. This happens on the two Access Points in the building. I made a screenshot of the error packets and see that the device performs a normal redirect:
597 54.008251 10.1.100.146 10.1.0.3 627 GET HTTP /portal/signup.cgi?client_mac=ccfa00e9a571&sessionid=128e2d1284&url=http://connectivitycheck.gstatic.com/generate_204 HTTP/1.1
and a 401(k) is returned:
602 54.021614 10.1.0.3 10.1.100.146 66 HTTP HTTP/1.1 401 Unauthorized (text/html)
When I roam between access points, I have to authenticate again to launch page which should, however, about 50% of the time when I roam, I get this 401 when you try to load the page of launch of the new access point.
Any help is appreciated.
Thank you!
I recommend that the captive portal be on VLAN1 there is a known issue with having it on a default VLAN.
-
Hello
I was reading a lot of previus discussions, but I still understand if I can do it!
I don't know that "HTTP redirect" can be used to send to the external web site, but I can use that authentication?
If it is not possible, can I use this access point in some controller?
Thanks in advance.
.
Hello
I also wanted to add that compared to the WAP121 and the WAP321 that only the WAP321 takes in charge the captive portal and not the WAP121 but they cluster always between them well when you run a certain firmware (do not know if they are released with a newer firmware that already has cluster option or not). Links to the form below if you would like more information on these products. So if you were wanting to buy an AP for the captive portal the WAP321 would be the way to go.
Hope that helps out.
Thank you
Clayton Sill -
Is there a way to disable this feature?
I have a client with only a single IP address. Port 443 SSL for a web server, so Anyconnect SSL is now listening on a different port.
When we changed the port and updated the profile of the customer, the customer think that now he is a captive portal inbetween and requires the user to authenticate first via web. This works very well but is now add this extra step to the process connection.
I don't understand why Anyconnect (knowledge of the profile that the VPN client is on a different port) is still visibly looking to 443.
Here, any help would be appreciated.
You specify the port in the profile but if you change the port you must specify this in the client too. By default, client AnyConnec will go to 443: here's an example.
-
Need help, troubleshooting a LAN hotel (captive portal)
This problem is not specific to Firefox, but I'm trying to see how I can use Firefox debugging features to solve a network problem. I stay in a hotel in China that uses a so-called "captive portal" to authenticate individuals before using the network. (This means that his first action navigation is redirected to the web page of the hotel for entering login information - as is often done in cafes, etc.). Using my own laptop, the redirect works if I use wifi and fails if I use the network cable (Firefox and IE both give the same result). I want my PC to work in both cases (and, in fact, it worked the day before by using a network cable to another location in the same hotel chain, which also uses what seems to be the same system of redirection). The hotel staff showed me that a PC provided by the hotel will work with the cable. So from their point of view, something is wrong with my PC, and from my point of view, something is wrong with their network. I need to know who he is.
I enabled HTTP logging in Firefox on my PC. I noticed a cycle of GET requests where a URL has been hardcoded URL several times (so ':' becomes '% 3A', which becomes 'a 253% ', then '% 25253A', etc.). For GET requests get longer before reaching a limit, I guess... the end result being an error '400' ('bad request'). Because their servers are initially redirects, I can only assume they have a bug causing this repetitive URL encoding. But, mysteriously, the PC provided by the hotel does not have the problem (and neither does my PC when using wifi). As far as I know, Firefox and IE both fail in case of failure, and both are successful in the case of success, then I do not suspect the browser.
My goal is to fix my system (if that is where the fault lies) or show the hotel staff which is the fault in their network (by demonstrating that the fault can occur even without my PC being involved). Effort on the PC provided by the hotel of troubleshooting is limited by the fact that, once authentication succeeds, I can't induce it expires, so I can't experiment a lot with the mechanism of redirection using this PC. Any ideas?
Try this: go to your Control Panel then network and sharing Center then click on change settings card on the left side. Right click on your Ethernet-> properties, and then select internet protocol version 4-> properties and click on obtain an ip address automatically and obtain dns server automatically.
-
How can I set up an automatic connection with the captive portals on iOS?
My public library has a system called Wi - Fi Spot, which requires that employers use their library card number and pin code to connect. They enter this information the first time they connect, and expect that the BONE will retain this information for the next time, they connect. This isn't. I understand that this WiFi configuration uses what is called a captive portal as a front end of connection. My question is, how do I configure the operating system to maintain login information?
You have activated and completed Autofill? Settings > safari > AutoFill >
How about you try settings > safari > passwords and by adding an entry for the portal. Assuming of course he has a static URL.
If you read this manual for iOS Apple's Safari, it seems that Safari will respond to an offer/suggestion by a Web site, but does not have to remember a username or password otherwise. I guess the "when prompted" is a reaction of Safari to a website, not the other way around.
I also would not assume that their portal invites you to register a user name. As I understand it in web programming, it is not a given.
FWIW, my library has a similar sign in the program installation, but with their check boxes to remember my user name and PIN code. He worked for 4 weeks and then resets. When asked, they say it's a safety thing.
-
Hi all
Not sure if I'm posting this in the right way/area so sorry if I'm wrong.
Anyone know if there is anyway to run the captive portal on Cisco RV120W?
I have multi sites and launch it on the RV180W to one and have a site with RV120W and would like to mirror the site of 180.
Any help would be much appreciated.
Thank you.
Captive portal is not supported on RV120W or RV220W.
-
captive portal url that refers to a domain name
in a pilot project, during the setup of initial installation ISE, I configured a local domain. After installation, I then changed to use a domain name business resolved by the DNS server in the company, but even if the console accepts the new domain and the ISE GUI shows the new correct FQDN, I have problem with captive portal page resolution because the redirect url created automatically by the ISE for the CWA are still called the ISE with the old domain used in the initial configuration thus creating a problem to resolve the url.
The only reason I can think, present at the client cert is always composed the old FULL domain name. As we changed the domain name, you must generate a new certificate and install it on the ISE so that CN must match the new FULL domain name.
Jatin kone
-Does the rate of useful messages- -
P2V on servers by omitting of VLAN different
We've been migrating servers to our new VMware guests, and so far the P2V conversions are continuing smoothly. Recenly tried to migrate servers and they were all fail. The only difference I see is that they are in one VLAN different than others.
The hosts have a vSwitch supporting VLAN multipul, and I was able to move a virtual server in this VLAN and work with it, so everything seems to be fine up to now.
I am using vCenter Converter 5.0.1 build-875114.
Don't know what I'm missing.
Double please make sure that the source computer is able to resolve the DNS name of the host target ESXi (see http://kb.vmware.com/kb/1034292)
André
-
Communication of VLAN different using UME.
Hi all
I am a beginner engineer, so I have a bit of knowledge.
I tried to configure it by myself, but something bothers me...
I want you guys to help me!
In fact, I configured BPMH using the switches (CISCO & DELL) 4.
Please provide the attachment on the photo and the configuration of file (.txt) (I draw and scanned..)
As you can see the picture, you will know what I want to configure.
The point I want follows content.
(855) 935-7526 *. I want to communicate with switches together.
-online but, Dell 7024P communicates any other switches... I think awarding IP is 30 (192,168.10.91) vlan... others have
VLAN 10 (192.168.10.x)
In fact, he was very big problem.
2. only Dell 7024P does not communicate with the Internet.
Then, I set up static routing set of switches (ip route 0.0.0.0 0.0.0.0 192.168.10.94)
But only 7024 P does not...
To connect to the other, what can I do in 7024 P Dell switch.
Thank you, Daniel C.
See the CISCO3560, executed, stp.txt
See the CISCO3750, executed, stp.txt
See the DELL7024P, executed, stp.txt
See the DELL8024F, executed, stp.txt
The first thing that comes out of me, is that on the P 7024 30 VLAN IP address is in the same subnet as the IP addresses of 10 VLAN on the other switches. This creates a scenario on the Cisco and 8024 switches, where you cannot assign an IP address 192.168.10.x 30 VLAN. Because VLAN 30 does not have an IP address, it cannot be routed. The resulting transmission 7024 30 VLAN Tag traffic on port gi1/0/12 article. The CISCO_3750G receives traffic labeled for 30 VLAN, but then cannot do something with it.
There are two approaches to solve this. You can assign a different subnet to the VLAN 30. Then on each switch assign an IP address to VLAN 30. Configure the switch for VIRTUAL LAN routing on your CISCO_3750G.
Another option would be to not use 30 VLAN. Instead use 10 VLANS on the 7024 and VLAN 10 IP address assignment the 192.168.10.91.
Once you have the IP gene outside model, then I do it with fine adjustment covering tree instances. Here is a white paper with some useful practices and examples of UME use.
See you soon
-
Dear all,
I have to configure a 10/40 GbE switch MXL. In my scenario, each port 0/1-12 has access to 3 different networks.
1. Management (VLAN: 10)
2 storage (VLAN: 11)
3. Admin (not identified)
I can assign ports to access many VLANs. (labeled tengigabitethernet 0/1 - 12). But what happens if I have to pass the traffic which is not marked as well?
Kind regards
A trunk connection has a vlan native who is used for untagged traffic. Take a look at this document, he detailed step by step for a network connection.
See you soon
-
RV180W ping hostname between VLAN & different subnets
Hello
I had a RV180w with 1.0.3.10 closes. According to the name of position, I'm not able to resolve host names between different VLANS which affected to different subnets, for example, allows said I have the following hosts:
CASA:
192.168.241.100/25 (wired - VLAN 1)
Router: 192.168.241.1
DNS: 192.168.241.1
XBMC: 192.168.242.100/25 (Wi - FI - VLAN 2)
Router: 192.168.242.1
DNS: 192.168.242.1
If I try to ping from two sources to one of the two destinations, the only one I get is a message 'impossible '.
Authorized additional information routing between vlans & proxy DNS and if I try to look at the hostname under the 'nslookup' command, I could not resolve the host name, but if I do a "ping - a 192.168.241.100 ' it is said ' response from CASA (192.168.241.100) blah blah blah."
So what I'm missing here?
Hi Bruno, you can usually solve different subnet host name because the host does not know the subnet that treats it as a security measure.
Disable the firewall feature on your computers and which must fix, otherwise you will probably have to change the lmhost files.
-Tom
Please mark replied messages useful -
Mac OS 10.8 VM cannot reach subnet VLANS / different from the host with Fusion 5
I have a server of Mac Mini significantly improved, high-top of the range, operating behind a firewall, Zyxel USG. As the host, the Mac Mini runs a server OS X 10.8 virtualized with VMware Fusion 5 (mainly as an e-mail server). To avoid opening the ports directly to the host-MacMini and LAN1 to better customize security and settings area, I want to put the virtual machine on VLAN1.
However, no package VLAN is pass to the virtual machine. I tried two configurations:
Home > VLAN1 in Network preferences > VMware Fusion set to network via VLAN1 bridge > comments "Ethernet" connects effectively to the VLAN1
Home > (LAN1) Ethernet in Network preferences > set VMware Fusion to bridge network through LAN1 > comments > add VLAN1 to guest network preferences
In both situations, * zero packets * make out of the VM/comments on VLAN1.
My suspicion is that VMware Fusion 5 does not support packages VLAN marked.
Advice/suggestions for how to get the virtual machine to join VLAN1 or really, just a different subnet? Are there drivers tagging VLAN for VMware Fusion 5?
The FIXED - partially, at least.
It had to do with the package being truncated by VMware. After I have configured VLAN1 on the host, and then in the hardware parameters, chose 'Jumbo Packet Size'. Then I jumpered the VM via connection host VLAN1. ALTO! This works.
However, trying to connect to the virtual machine as a direct customer of VLAN1 is always unsuccessful. The virtual machine which truncates the packets when it sends them between the host and the guest (and vice versa). However, if tagging VLAN is the host to level (as I have it configured), then the virtual machine can communicate successfully on the VIRTUAL LAN.
-
vMotion - another subnet, VLAN different
I'm under ESXi 4.1. I have two hosts. Currently, the management network of my hosts are on the 192.168.5.x subnet and this subnet exists in its own VIRTUAL LAN. My vMotion Setup is also included in this subnet and VLAN. What I want to do is move my vMotion for a different subnet configuration and VLAN.
How would I go to do this? Every time I change the IP address of the vSwitch vMotion, I lose connectivity him given that I should change the gateway by default as well. When I update the default gateway, the default gateway of the management gateway is updated as well. I have to have management and vMotion on the same subnet network?
As long as the vmkernel ports used for vmotion are on the same subenet there is no need to configure a gateway on that subnet as the traffic will never leave the subnet-
Maybe you are looking for
-
Why the JRE is needed? [I uninstalled temporarily and FF366 still working]
Why the JRE is needed? I uninstalled temporarily and FF366 still works.
-
HP ENVY 750-167c Desktop: I just bought this PC can support this new video card?
We just bought this PC http://support.hp.com/us-en/document/c04812516 We have installed a gtx 750 Ti and its drivers and it worked very well. After a few months, so we decided to move to a 970 gtx so we had a CX500 of Corsair power supply. I installe
-
Hey guys, I have a problem with my laptop, that he often cut only when something like a scan virus and when I start up again it reconise even that windows didn't close properly. I checked and it is not a problem with the power supply.So I was just wo
-
Suggest the cDAQ chassis applicable
Hello In my application I will use a NI 9476, 9264 One, One two 9485, two 9265 9435 IO modules offer me please the appropriate chassis that I can use these modules. Thank you Prashant
-
Problems with services of automatic startup after Windows Update problem
These are probably related to many things I tried trying to solve the problem of Windows Update - until I found the answer to Fix It. That fixed my Windows Update, but now I have these problems. I tried to run the bat file that Sohail suggested in t