ACL for guest access: only permit ports 80, 443

Hello everyone,

I am using an e410 with a configuration where the WLAN uses VLAN 2 for guest access by click-through, but I only want to enable ports 443 and 80 for guest users. I tried permitting TCP ports 80 and 443, but users can't get an IP from the AP. Then I enabled UDP port 67 and UDP/TCP port 53. It still does not work. Does anyone have a solution for this?

Hope this isn't a VLAN issue. Did you check by defaulting the VLAN setting?

You may also want to check if any additional access control settings were applied such as MAC authentication.

Guests are using VLAN 2, and there's a pool for clients. When I configure the ACL as below, the client cannot even get an IP address.

Allow the ACL below inside the guest access WLAN:

acl permit proto 2 udp any 67 any 68 out //Allow Packets From DHCP Server
acl permit proto 1 udp any 68 any 67 in //Allow Packets To DHCP Server
acl permit proto 3 any any any any 53 in //Allow DNS Packets To DNS Server
acl permit proto 4 any any 53 any any out //Allow Packets From DNS Server
acl permit proto 6 tcp any 443 any any out //Allow Packets From HTTPS Server
acl permit proto 5 tcp any any any 443 in //Allow Packets To HTTPS Server
acl permit proto 7 tcp any any any 80 in //Allow Packets To HTTP Server
acl permit proto 8 tcp any 80 any any out //Allow Packets From HTTP Server
acl permit proto 9 any any any any 880 in //Allow Packets For Guest Access Page
acl permit proto 10 any any 880 any any out //Allow Packets For Guest Access Page
acl permit ip 11 127.0.1.1 any out //Allow Packets For Guest Access Page

The WLAN configuration looks like this,

!
wireless wlan 1
 ssid 1111-2222
 no shutdown
 vlan 200
 security open
 band 5GHz
 dtim-interval 1
 max-associated-client 127
 mac-authentication policy deny
 guest-access
 acl permit proto 2 udp any 67 any 68 out //Allow Packets From DHCP Server
 acl permit proto 1 udp any 68 any 67 in //Allow Packets To DHCP Server
 acl permit proto 3 any any any any 53 in //Allow DNS Packets To DNS Server
 acl permit proto 4 any any 53 any any out //Allow Packets From DNS Server
 acl permit proto 6 tcp any 443 any any out //Allow Packets From HTTPS Server
 acl permit proto 5 tcp any any any 443 in //Allow Packets To HTTPS Server
 acl permit proto 7 tcp any any any 80 in //Allow Packets To HTTP Server
 acl permit proto 8 tcp any 80 any any out //Allow Packets From HTTP Server
 acl permit proto 9 any any any any 880 in //Allow Packets For Guest Access Page
 acl permit proto 10 any any 880 any any out //Allow Packets For Guest Access Page
 acl permit ip 11 127.0.1.1 any out //Allow Packets For Guest Access Page
!

Attached is how the configuration looks in the AP UI.

2 Likes
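The rule set in the reply above, checked against the flows a guest client needs, as an added example that is not part of the original posts and not Cambium code. It is a simplified model: the field order, the meaning of `in`/`out`, and an implicit deny after the last rule are assumptions inferred from the posted rules and their comments, and the sample packets are constructed.

```python
# Added illustration: simplified model of the ACL posted above, not AP firmware logic.
# Assumed rule layout (inferred from the posted rules and their comments):
#   acl permit proto <precedence> <protocol> <src-ip> <src-port> <dst-ip> <dst-port> <in|out>
# Assumed semantics: "in" = from the client, "out" = to the client, implicit deny at the end.
FULL_ACL = """\
acl permit proto 1 udp any 68 any 67 in
acl permit proto 2 udp any 67 any 68 out
acl permit proto 3 any any any any 53 in
acl permit proto 4 any any 53 any any out
acl permit proto 5 tcp any any any 443 in
acl permit proto 6 tcp any 443 any any out
acl permit proto 7 tcp any any any 80 in
acl permit proto 8 tcp any 80 any any out
acl permit proto 9 any any any any 880 in
acl permit proto 10 any any 880 any any out
"""
# Constructed: a web-ports-only list (rules 5-8), like the first attempt described in the thread.
WEB_ONLY_ACL = "\n".join(FULL_ACL.splitlines()[4:8])
# Constructed sample packets: (direction, protocol, src port, dst port); 50000 = ephemeral port.
GUEST_FLOWS = {
    "dhcp request": ("in", "udp", 68, 67), "dhcp reply": ("out", "udp", 67, 68),
    "dns query": ("in", "udp", 50000, 53), "dns reply": ("out", "udp", 53, 50000),
    "http request": ("in", "tcp", 50000, 80), "http reply": ("out", "tcp", 80, 50000),
    "https request": ("in", "tcp", 50000, 443), "https reply": ("out", "tcp", 443, 50000),
    "portal request": ("in", "tcp", 50000, 880), "portal reply": ("out", "tcp", 880, 50000),
}

def parse(text):
    rules = []
    for line in text.splitlines():
        f = line.split("//")[0].split()
        if len(f) != 10 or f[:3] != ["acl", "permit", "proto"]:
            continue  # other rule forms (e.g. "acl permit ip ...") are outside this model
        rules.append((int(f[3]), f[4], f[6], f[8], f[9]))  # IPs are "any" in every posted rule
    return sorted(rules)  # evaluate in precedence order

def allowed(rules, direction, proto, sport, dport):
    for _, r_proto, r_sport, r_dport, r_dir in rules:
        if (r_dir == direction and r_proto in ("any", proto)
                and r_sport in ("any", str(sport)) and r_dport in ("any", str(dport))):
            return True
    return False  # assumed implicit deny

def blocked_flows(acl_text):
    rules = parse(acl_text)
    return [name for name, pkt in GUEST_FLOWS.items() if not allowed(rules, *pkt)]

if __name__ == "__main__":
    print(blocked_flows(FULL_ACL), blocked_flows(WEB_ONLY_ACL))
```

Under these assumptions the full list passes every guest flow, while the web-only list drops DHCP, DNS and the port 880 portal traffic, which matches the "client cannot get an IP" symptom reported earlier in the thread.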

Thank you so much for your help, but it's still not working. This is really driving me crazy. The client can get an IP, but there is no pop-up page and no internet access.

Hi,

1. Please share the AP tech dump and we should be able to help you.

2. If possible, share the Ethereal packet capture from the laptop, taken by connecting the laptop to the SSID and triggering guest access.

With regards,

channareddy

Thank you all so much for your help. Only one problem still remains: the click-through portal page which I configured does not show up. I made an ACL for port 880, but is that the port for the portal page? Has anyone tried that before? Please help me.

Have you tried with port number 8080?

Hi,

I just tried 8080 and it's still not working.

Hi,

Please share the AP tech dump or the AP running configuration file; we will load it on our AP here and share a working configuration.

Below is my config file. Please help me.

Below is my config file.

Can I have your email? I'll send it to you right away. I tried to send it to you by choosing a file, but it did not work.

Here is my mail ID: channareddy.ireddy@cambiumnetworks.com