Wireless Controller
Dedicated Wi-Fi control and management for high density and mobility
nmichael
Staff
Article Id 191976

Description

The customer is using Captive Portal on the Meru controller for guest authentication.

When the guest user connects to the network, brings up the captive portal authentication page and enters their credentials, the Success page shows up after 90 seconds to 3 minutes.

The guest network is using a public DNS server (8.8.8.8) for DNS lookups.


Scope

KB ARTICLE TYPE: Troubleshooting
RELATED PRODUCTS: Captive Portal, Controller
RELATED SOFTWARE VERSIONS: All
KEYWORDS: Captive, Portal, Guest

Solution

Root Cause: The firewall was not allowing traffic from the guest VLAN through to the public IP of the controller on port 8081.

Resolution: We had to configure the firewall to allow traffic from the guest VLAN to the public IP address of the controller (199.168.xxx.yyy), since this is a requirement for the redirect to complete successfully.

Analysis of Data/Packet Flow:

  1. Guest client authenticates/associates to the guest SSID.
  2. The user opens a browser and types www.google.com.
  3. Guest client performs a DNS query to public DNS server 8.8.8.8 for google.com.
  4. DNS server responds with Google’s IP address.
  5. Client sends HTTP GET request to Google’s IP address.
  6. The controller intercepts the traffic and redirects it to the FQDN given by the certificate’s Common Name: Https://Wlan-main.colum.edu:8081/vpn/loginformWebAuth.html
  7. Client does a DNS query to the public DNS server 8.8.8.8 for “wlan-main.colum.edu”.
  8. Public DNS server responds with the controller’s public IP address 199.168.xxx.yyy.
  9. Client sends an HTTPS request to the controller’s public IP 199.168.xxx.yyy on port 8081.
  10. This is where it always failed since there was no direct access to the controller’s public IP 199.168.xxx.yyy. Once the firewall was reconfigured to allow traffic to that IP on port 8081, the issue disappeared.
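
A check that replays steps 7 to 9 from a guest-VLAN client and reports which step fails. It is an added example, not part of the original article or of any Fortinet/Meru tooling; the function names, the result format and the 5-second timeout are assumptions.

```python
import socket
from urllib.parse import urlsplit

def portal_target(location):
    """Return (host, port) from the redirect URL the controller hands out."""
    url = urlsplit(location)  # scheme and hostname are lower-cased by urlsplit
    default = 443 if url.scheme == "https" else 80
    return url.hostname, url.port or default

def check_portal(location, timeout=5.0, resolve=socket.gethostbyname):
    """Replay steps 7-9 of the flow and report the first step that fails."""
    host, port = portal_target(location)
    try:
        ip = resolve(host)  # steps 7-8: DNS lookup of the portal FQDN
    except OSError as exc:
        return {"step": "dns", "ok": False, "detail": f"{host}: {exc}"}
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((ip, port))  # step 9: TCP handshake to the portal port
    except socket.timeout:
        # No SYN-ACK and no RST: consistent with a firewall dropping the
        # traffic on the path, which is the failure described in step 10.
        return {"step": "tcp", "ok": False,
                "detail": f"{ip}:{port} timed out (likely filtered)"}
    except ConnectionRefusedError:
        # Host reachable, but nothing is listening on the portal port.
        return {"step": "tcp", "ok": False, "detail": f"{ip}:{port} refused"}
    except OSError as exc:
        return {"step": "tcp", "ok": False, "detail": f"{ip}:{port} {exc}"}
    finally:
        sock.close()
    return {"step": "tcp", "ok": True, "detail": f"{ip}:{port} reachable"}

if __name__ == "__main__":
    # Redirect URL from step 6 of the article; run from a guest-VLAN client.
    print(check_portal(
        "Https://Wlan-main.colum.edu:8081/vpn/loginformWebAuth.html"))
```

A result of `dns` succeeding followed by a `tcp` timeout matches the symptom in this article: the name resolves, but the guest VLAN has no path to the controller on the portal port.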

 
