Guest Wireless does not prompt to login if DNS is changed

rhap4boy
Just browsing

Coexistence of WLC based and Meraki Wireless APs.

We are trying to reconfigure our guest wireless so it does not use the internal DNS server.

We couldn't use OpenDNS because we still need to statically define an entry to resolve a wireless.domain.com to virtual address 1.1.1.1 so it is compatible with our existing WLC based wireless.

We decided to host the DNS server on our firewall, which supports DNS server services, so that we can statically define that entry. The IP address of the DNS server is also the gateway of the wireless client.

If we leave the DHCP-assigned DNS set to our internal address, guest wireless prompts to log in to the portal. The DNS entry on the clients shows the internal DNS servers correctly.

However, if we change the DHCP-assigned DNS to our firewall gateway, which hosts the DNS server, guest wireless does not prompt to log in to the portal and gets on the web without authentication. The DNS entry on the clients shows 127.0.0.1 instead.

What could be the cause of this? Is there a pre-authentication ACL that we need to configure?

Thank you.

7 Replies
alemabrahao
Kind of a big deal

You cannot use 1.1.1.1 because it is a public DNS and has not been recommended for a few years; instead you have to use 192.0.2.1.
Do this and your problem will be resolved.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213535-wlc-virtual-ip...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.


@alemabrahao wrote:

instead you have to use 192.0.1.2.


Just to clarify: It should be an address from 192.0.2.0/24

alemabrahao
Kind of a big deal

Oh and see what's wrong with your DNS too, because the user's machine seems to be resolving locally on the machine instead of your DNS.

Did you set the DNS manually or did you change it on your DHCP server?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

We changed it on the DHCP server, not locally.
Forgot to mention that this issue of no prompting for the login portal happens on the Meraki wireless, not the WLC based wireless. As long as we have that static entry defined, the existing WLC based wireless works fine in either scenario. However, the new Meraki wireless does not prompt if the DNS is set to the firewall gateway. The new Meraki wireless shouldn't depend on any 1.1.1.1 virtual address. I am curious why it changed the client DNS to 127.0.0.1 instead of the gateway.

Are you sure your firewall responds to DNS requests? Have you tried another DNS, like Google for example?

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal

> DNS entry of the clients shows 127.0.0.1 instead.

Either DHCP is not giving out the correct DNS entry, or something on the machine is changing the DNS setting.