Strange it doesn´t detect that it´s a wlc redirection. Can you paste a sh client @mac (wlc) ?
Regards Fabrice Le 2014-10-23 14:35, Christopher Mielke a écrit : > I didn’t try to ping because of the ACL, but I was able to telnet to the > server on port 80. When I open a browser it tries to redirect to > “https://pf.drake.edu/captive-portal?destination_url=http://192.168.254.10/ > &”, but then it times out. > > Thanks, > _______________________________________ > Chris Mielke | Lead, ISS Network Systems > Drake Technology Services (DTS) | Drake University > > T 515.271.4640 > E [email protected] > > > > > On 10/23/14, 12:39 PM, "Fabrice DURAND" <[email protected]> wrote: > >> Yes this is correct but are you able to ping the portal ip address ? >> (Also change the acl to allow icmp) >> >> Fabrice >> >> Le 2014-10-23 12:36, Christopher Mielke a écrit : >>> Sorry it took so long to respond. I had to rebuild my test environment. >>> I >>> am able to connect to the SSID and on the wlc I can see the “PreAuth” >>> access-list is being applied. However, when I open a web browser I do >>> not >>> get to the captive portal. I am pointing to production DNS right now. Is >>> that correct? >>> >>> Thanks, >>> _______________________________________ >>> Chris Mielke | Lead, ISS Network Systems >>> Drake Technology Services (DTS) | Drake University >>> >>> T 515.271.4640 >>> E [email protected] >>> >>> >>> >>> >>> On 10/15/14, 12:23 PM, "Fabrice DURAND" <[email protected]> wrote: >>> >>>> Hello Christopher, >>>> >>>> it depend of your network configuration, but you can use an alias >>>> (eth0:1) as the ip address of the captive portal. >>>> >>>> But let´s start with a simple config, in packetfence create a >>>> management >>>> interface, registration interface and a isolation interface. >>>> >>>> The registration interface must be able to talk with the wlc and the >>>> devices connected on and don´t forget to disable dhcp on the reg >>>> interface. >>>> So on the wlc side configure an ACL (Pre-Auth-For-WebRedirect) that >>>> forward the traffic to the ip address of the registration interface and >>>> configure another ACL (Authorize_any) to allow any any and configure >>>> the >>>> WLC to be the dhcp server for the client. >>>> >>>> Then try to connect on the ssid and check the status of the client in >>>> the WLC, if all is ok you will be able to see that the ACL applied to >>>> the client is the Pre-Auth-For-WebRedirect. >>>> >>>> Let me know if it´s ok. >>>> >>>> Regards >>>> Fabrice >>>> >>>> Le 2014-10-14 17:49, Christopher Mielke a écrit : >>>>> I am completely new to PacketFence and trying to set up WebAuth for a >>>>> guest SSID using a Cisco WLC running 7.6.130.0. I have installed >>>>> PacketFence ZEN 4.4.1 and have it running. I am trying to follow the >>>>> instructions for ³Wireless LAN Controller (WLC) Web Auth² from the >>>>> network >>>>> configuration guide, but I¹m confused about the captive portal >>>>> configuration. In the guide it says the captive portal is using IP >>>>> address >>>>> 172.16.0.250 and the administration (I presume management) interface >>>>> uses >>>>> IP address 172.16.0.249. How do I set up a captive portal IP address >>>>> in >>>>> the same subnet as the management IP address? I apparently cannot use >>>>> the >>>>> management IP for the captive portal because iptables blocks HTTP(S) >>>>> traffic to that IP address because it is in the ³input-management-if² >>>>> chain. >>>>> >>>>> >>>>> Thanks, >>>>> Chris >>>>> >>>>> >>>>> >>>>> >>>>> ----------------------------------------------------------------------- >>>>> -- >>>>> ----- >>>>> Comprehensive Server Monitoring with Site24x7. >>>>> Monitor 10 servers for $9/Month. >>>>> Get alerted through email, SMS, voice calls or mobile push >>>>> notifications. >>>>> Take corrective actions from your mobile device. >>>>> http://p.sf.net/sfu/Zoho >>>>> _______________________________________________ >>>>> PacketFence-users mailing list >>>>> [email protected] >>>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>>> -- >>>> Fabrice Durand >>>> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca >>>> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and >>>> PacketFence >>>> (http://packetfence.org) >>>> >>>> >>>> >>>> ------------------------------------------------------------------------ >>>> -- >>>> ---- >>>> Comprehensive Server Monitoring with Site24x7. >>>> Monitor 10 servers for $9/Month. >>>> Get alerted through email, SMS, voice calls or mobile push >>>> notifications. >>>> Take corrective actions from your mobile device. >>>> http://p.sf.net/sfu/Zoho >>>> _______________________________________________ >>>> PacketFence-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >>> ------------------------------------------------------------------------- >>> ----- >>> _______________________________________________ >>> PacketFence-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/packetfence-users >> >> -- >> Fabrice Durand >> [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca >> Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence >> (http://packetfence.org) >> >> >> -------------------------------------------------------------------------- >> ---- >> _______________________________________________ >> PacketFence-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/packetfence-users > ------------------------------------------------------------------------------ > _______________________________________________ > PacketFence-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/packetfence-users -- Fabrice Durand [email protected] :: +1.514.447.4918 (x135) :: www.inverse.ca Inverse inc. :: Leaders behind SOGo (http://www.sogo.nu) and PacketFence (http://packetfence.org) ------------------------------------------------------------------------------ _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
