My devices can connect and authenticate to the external captive portal successfully, but are unable to browse the internet. Please Help!!
‎09-14-2016 06:15 PM
My devices can connect and authenticate to the external captive portal successfully, but are unable to browse the internet. Please Help!! All appeared to be working fine a short while ago on version 9.12 but ever since upgrading to 10.01.06 this does not seem to work. We have two Identifi V2110 controllers. All appears to be the same for the Topology and Roles, I am thinking something must have changed in the policy rules to block this communication. Any help would be greatly appreciated.
13 REPLIES
‎09-16-2016 01:22 PM
Thanks, wound up being a static route in our Firewall that was the culprit.
‎09-16-2016 01:22 PM
Sounds like you might be battling a DNS issue. Do your DNS servers have forwarding servers configured? If not, that would result in some servers taking forever to be located or not located at all.
‎09-15-2016 05:23 PM
Ron,
Thanks for the info on 10.11, this was available when advised to upgrade but I was told to only go as far as 10.01 as you have mentioned as well. I just cleared the device from NAC and rejoined it to the ECP. The device is again registered in the Authenticated Guest devices End-System Group on the NAC. I have also checked client report as mentioned and all is again appearing as it should, Green Lock and correct role of Guest. Only unable to ping by address or name and of course without this there is no browsing. I am going to review the rules and try what Steve is using to see if something shakes. Client in use is a Windows 7 laptop that connects and works in all other testing but when joined to this guest ECP. Still digging. Thanks
‎09-15-2016 06:57 AM
"My devices can connect and authenticate to the external captive portal successfully"
The question is whether that information reaches the controller.
Please check the client reports (GUI > Reports > Clients > By VNS) and make sure that the client has the green lock icon on the left (authenticated) and whether the correct role is shown.
If that is correct you'd do a simple ping from the client to see whether it is a DNS issue.
ping google.com and see whether the address resolution is working.....
# ping google.com
Pinging google.com [172.217.20.238] with 32 bytes of data:
‎09-14-2016 08:18 PM
Hello Dean, there are so many different ways to go with troubleshooting this. First question is: why didn't you upgrade to the latest code? I would move ahead to 10.11.02.0032 in case you are battling an old bug.
If you think it's your policy rules, you may be right. On the Policy Rules tab on your *auth* policy role, I would check the following:
- Is the "Inherit filter rules" checked at the top of the page?
- Do you have AP or Custom rules checked?
- What rules do you have in place? A screenshot would be helpful.
