Meraki

Community

Guest Wireless does not prompt to login if DNS is changed

rhap4boy
Just browsing
‎May 20 2024 11:14 AM
‎May 20 2024 11:14 AM

Guest Wireless does not prompt to login if DNS is changed

Coexistence of WLC based and Meraki Wireless APs.

 

We are trying to reconfigure our guess wireless so it does not use internal DNS server.

We couldn't use OpenDNS because we still need to statically define an entry to resolve a wireless.domain.com to virtual address 1.1.1.1 so it is compatible with our existing WLC based wireless.

We decided to host the DNS server on our Firewall which support DNS server services so that we can statically define that entry. The IP address of the DNS is also the gateway of the wireless client.

 

If we leave the DHCP assigned DNS to use our internal address, guest wireless will prompt to login to portal.  DNS entry of the clients shows the internal DNS servers correctly.

However, if we change DHCP assigned DNS to use our firewall gateway which hosts the DNS server, guess wireless will not prompt to login to portal and get on the web without authentication.  DNS entry of the clients shows 127.0.0.1 instead. 

 

What could be the cause of this? Is there a pre-authentication ACL that we need to configure?

Thank you.

 

0 Kudos
7 Replies 7
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 20 2024 11:25 AM
‎May 20 2024 11:25 AM

You cannot use 1.1.1.1 because it is a public DNS and is no longer recommended for a few years, instead you have to use 192.0.2.1
Do this and your problem will be resolved.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 20 2024 11:27 AM
‎May 20 2024 11:27 AM

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213535-wlc-virtual-ip...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
In response to alemabrahao
pdeleuw
Getting noticed
‎May 20 2024 2:29 PM
‎May 20 2024 2:29 PM

@alemabrahao wrote:

instead you have to use 192.0.1.2.

Just to clarify: It should be an address from 192.0.2.0/24

0 Kudos
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 20 2024 11:37 AM
‎May 20 2024 11:37 AM

Oh and see what's wrong with your DNS too, because the user's machine seems to be resolving locally on the machine instead of your DNS.

Did you set the DNS manually or did you change it on your DHCP server?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
rhap4boy
Just browsing
‎May 20 2024 11:51 AM
‎May 20 2024 11:51 AM

We changed it on the DHCP server, not locally. 
Forgot to mention this issue of no prompting for the login portal happens on the Meraki wireless not the WLC base wireless. As long as we have that static entry defined, the existing wlc based wireless works fine in either scenario.  However, for the new meraki wireless, it does not prompt if the DNS is set to the firewall gateway.  The new Meraki wireless shouldn’t depends on any 1.1.1.1 virtual address.  I am curious why it changed the client DNS to 127.0.0.1 instead of the gateway.

0 Kudos
In response to rhap4boy
alemabrahao
Kind of a big deal
Kind of a big deal
‎May 20 2024 11:57 AM
‎May 20 2024 11:57 AM

Are you sure your firewall responds to DNS requests? Have you tried another DNS like google for example?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎May 20 2024 1:38 PM
‎May 20 2024 1:38 PM

>DNS entry of the clients shows 127.0.0.1 instead. 

 

Either DHCP is not giving out the correct DNS entry, or something on the machine is changing the DNS setting.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.