We have a location that has four access points managed by cnmaestro. At the location we have a primary data network routed through a VLAN that is untagged. This network has no issues. We have secondary WLAN's routed through their own tagged VLANs, and we have the appropriate default gateways setup for their access. These networks on their own have no issues, and the subnets are protected via ACLs setup on the Cisco ASA they all route through (eventually). The secondary VLANs for the Guest Wireless LAN (lets say VLAN 20 is tagged) and works with or without security.
When the internal guest captive portal is enabled for this WLAN and someone connects they get the appropriate IP from the DHCP Server, but are not presented with the Guest Captive Portal or access. When I run Wireshark to check what's happening I see syn requests coming from the VLAN 20 and they are trying to route traffic through the primary untagged VLAN. We observed the same thing in other situations where we used the cnmaestro captive portal that the initial requests routes web traffic through the default untagged VLAN. If we setup a subinterface on VLAN 20 with a static IP it still attempts to route this traffic through the primary VLAN and subsequently does not present the guest captive portal.
Has anyone run into issues with guest captive portal on secondary VLAN's? Is there a suggested best practice for setup of a network that has multiple VLANs that does not require cross-communication between VLANs for authentication?
I am not seeing any tech-support file attached in any of the communication . Could you please provide the same , so that we can understand the config and recreate. Tech-support can be sent to Sandeshkumar.firstname.lastname@example.org .