Captive portal and vouchers integration with ssid on wlc 9800
-
What / why is this?
Btw: don't use things (devices) or rules like this that no one else has ever tried.
Use proven methods.
-
@Jozy said in Captive portal and vouchers integration with ssid on wlc 9800:
I don't know if it is possible to set it up to work, since Cisco maybe has its own rules or incompatibility with?
Nonsense - it can clearly set up an SSID that just connects to the network with no auth - just an open network.
Normally when you run a captive portal the connection to the wifi is open, and the user auths with the captive portal.
Maybe this would be a good video for you to watch.
And with @Gertjan why would you set up a port forward???
-
@johnpoz this is just a basic video of how to configure basic/initial things.
I agree with you that it should be just set up the ssid and connect to the network.
I get a dhcp address on both PC and wireless, PC works on somw and wifi not.
Not sure why I can't ping my pfsense lan address over wifi, but over the wired network it works. There must be some other rule or permission on the wlc or somewhere which doesn't send the echo reply or something.
I'm tired, seems I will look for some other solution.
-
@Jozy again what rules do you have on this pfsense interface? What makes more sense: the wlc doing some odd firewalling thing when it's just an AP when it comes down to it, or you have no rule to allow icmp on pfsense, where when you create a new interface zero rules are on it?
Create your simple wifi setup and do not enable captive portal on pfsense yet for this network. Make sure you have rules on this interface that allow what you want. I would start with an any any rule.
Make sure that works, you can ping pfsense IP, you can surf the internet, etc.
Then enable the captive portal.
To pfsense there is zero difference between a wireless client or a wired client - because to pfsense they come in on a wire.
-
@johnpoz what I sent earlier is interface OPT1 with any any.
It is the same, with or without captive portal enabled.
The thing is, as you said, I deal with you that the wlc has some restrictions and should bypass it, but what
-
@Jozy so you're saying you can browse the internet through pfsense, but it doesn't answer ping?
And those are the only rules you have for this interface - do you have any rules in floating?
On your client when you try and ping pfsense IP, do you see the mac in the arp table?
Do you have some ACLs set on your WLC - why would you block icmp??
If your mac shows up and you say you can get internet through pfsense.. I would do a simple packet capture on that opt1 interface while you are pinging.. If you do not see the ping - then yeah you have something blocking it between the client and pfsense. If you see the pings but just no answer, then that points to a floating rule in pfsense blocking it.. Or some weirdness with mask or something, but it seems unlikely that internet through pfsense would work then.
-
@johnpoz I have following situation.
Ping from OPT1 to 8.8.8.8 is working
Ping from PC to 8.8.8.8 and resolving you can see below
I can not ping gateway from the PC but can ping lan ip address
arp table below
why default gateway is offline?? hm
Floating rules
Wan rules
OPT1 rules, where the network for wifi is and I'm testing wired as well
NAT rules
It is weird, I get the captive portal page but don't get internet even if I can ping and resolve it.
On the port group on vmware for the WLC I found a missing vlan id 1160 which I'm using in network and dhcp and I have added it.
First I have to figure out why I don't get internet over the OPT1 network even if the captive portal is showing up.
-
@Jozy if this is pfsense IP
Why would .13 be saying it can not get there and be answering? That is your client device?
What is pfsense IP address on opt1, this network your wireless device is on??? is it that 160.1 address - if so then pfsense doesn't even know its own mac address?
From that I would say pfsense IP on opt1 is the .229 address - why are you trying to ping 160.1 ???
Why are you using manual nat - which doesn't have this 10.223.160 network even?? Why would you have outbound nat set for your lan interface? Why would you use a source of any?
No wonder you are having issue - this is a complete and utter train wreck!
Set your outbound nat to auto..
Show the configuration of this opt1 network, let's see the output of ipconfig /all on your client.
You understand if pfsense IP is this .229, that would be the gateway of anything on the 10.223.160.0/24 network you set up on the opt1 interface.. What do you think this 160.1 address is - that is not pfsense, that is some other device on your network that you want to use to get off the network, ie a gateway.. Well pfsense can't even get a mac for this - so clearly it's not actually on the network even..
Here as an example this is a lan side interface of pfsense - its IP is .253, see how my client on this network points to that .253 address as its gateway
This is the typical sort of outbound nat you would have
Those are all my lan side of pfsense networks, pfsense has an IP in all of those networks.. The pfsense IP on those networks is the gateway for the devices on those networks.. All my IPs on pfsense end in .253, .253 is the gateway for all the devices on the different networks..
Devices on my 192.168.3 would use pfsense IP on that network 192.168.3.253, devices on my 192.168.0/24 network would use pfsense IP on that network 192.168.6.253, etc..
Where and why would a device be using this 10.223.160.1 as a gateway? If some device is using that 160.1 as a gateway it sure is not going to send any traffic to pfsense, nor would it ever be able to use pfsense as a captive portal.
-
@johnpoz I don't get it anymore. You said above "What nat rules - did you edit your outbound nat to not be auto?" now why "Set your outbound nat to auto.." hm
I would like to thank you for your time, but now definitely I give up :)
-
@Jozy good luck with that mess.. I asked if you had messed with your outbound nat, I didn't say set it to manual..
Auto is the default - all of this would work with clicky, clicky with pfsense out of the box - the only reason it wouldn't is you messed with the defaults, etc..
Or you're not even using pfsense as the gateway.. Which it seems you're not.. ugggh..