Cisco Cisco 4402 Wireless LAN Controller Guide De Dépannage
wireless) to the WLC in the DMZ zone through the dedicated tunnel. DMZ WLC authenticates and assigns an
IP address to the clients. Typically, web authentication is the mechanism used to authenticate guest clients.
IP address to the clients. Typically, web authentication is the mechanism used to authenticate guest clients.
Troubleshoot Guest Access
Troubleshooting guest clients involves three main aspects:
Troubleshoot the EoIP Tunnel
•
Client Authentication
•
IP Address Issues
•
Troubleshoot the EoIP Tunnel
The EoIP tunnel is established using IP protocol 97 to pass the guest traffic between the local WLC and the
DMZ WLC. Failure in the tunnel results in the interruption of data flow. Perform these checks in order to
make sure the tunnel is established poperly:
DMZ WLC. Failure in the tunnel results in the interruption of data flow. Perform these checks in order to
make sure the tunnel is established poperly:
Check if the WLCs are configured in each other's mobility list even though they might be in different
mobility groups.
mobility groups.
•
Make sure that the DMZ controller is configured as a Mobility Anchor for itself and for the WLC in
the wired network, so that the guest VLAN clients get anchored to the DMZ WLC in order to get
authenticated and obtain an IP address.
the wired network, so that the guest VLAN clients get anchored to the DMZ WLC in order to get
authenticated and obtain an IP address.
•
Make sure the SSID and authentication parameters are configured exactly the same on both the
WLCs.
WLCs.
•
Make sure that the DMZ and local WLC in the wired network are reachable. Use mobility pings
(eping and mping) to test.
(eping and mping) to test.
Mobility ping over UDPThis test runs over mobility UDP port 16666 and tests whether the
mobility control packet can be reached over the management interface.
mobility control packet can be reached over the management interface.
mping mobility_peer_IP_address
♦
Mobility ping over EoIPThis test runs over EoIP − IP port 97 and tests the mobility data
traffic over the management interface.
traffic over the management interface.
eping mobility_peer_IP_address
♦
Note: Only one mobility ping test per controller can be run at a given time.
•
If there is a firewall present, make sure that the UDP port 16666 and IP port 97 are opened for
communication between the WLCs.
communication between the WLCs.
•
Client Authentication
Web authentication is the authentication method typically used for authenticating clients in a guest network.
Clients can access the Internet only after successful authentication. Even if they try to browse before
authentication, the WLC redirects the user to the Web Authentication Login page automatically, where the
user gets authenticated.
Clients can access the Internet only after successful authentication. Even if they try to browse before
authentication, the WLC redirects the user to the Web Authentication Login page automatically, where the
user gets authenticated.
However, in WLC version 3.2 or earlier, the client must manually type https://1.1.1.1.html in a web browser
in order to get to the web authentication page. For more information on web authentication, refer to the
Wireless LAN Controller Web Authentication Configuration Example.
in order to get to the web authentication page. For more information on web authentication, refer to the
Wireless LAN Controller Web Authentication Configuration Example.
If the feature does not work as expected after you configure web authentication, perform these troubleshooting
steps:
steps: