There was a complaint from customer that after using AC as a portal server, users were unable to browse the internet Web pages when they write URL in internet browser.
It was observed that when IP address instead of URL of Web site is entered in to internet browser it is then redirected to portal page for authentication. Any user connected
to AC definitely writes the URL of Web Page instead of its IP address.
No alarm iformation was observed
On inquiring it was observed that users request would b classified in such a way that initially it should be entertained by DNS server instead of redirecting towards portal page
of Access controller 6605.
There is a command supported by AC which is portal free rule command that configures the portal authentication free rules for users. It liberates the specified number of users
to access the specified network resources without passing Portal authentication. The rule consist of IP addresses MAC addresses, interfaces and VLANs on the connected devices,
and user group.
portal free-rule 0 destination ip 192.168.2.1 mask 255.255.255.255 source ip
Here In Portal free rule command 0 represents the rule id.
Destination IP is 192.168.2.1 and subnet mask is that of DNS server.
Source IP any means that it comes from any user connected to that network.
By using portal free rule command user request is entertained by DNS server first and then redirected to built–in portal page of AC. if user authenticated successfully it would be
able to access the internet .
Customer requirement is to use external DNS server to resolve IP addresses for user. AC6605 is directly connected to router which was used as a DHCP and DNS server and
internet can be accessed from that router as shown in topology diagram.
Actually in portal authentication users cannot access networks before being authenticated. Users were able to ping AC so there was no issue of reach ability between AC and user.
Path between AC and DNS server is also reachable. Static routes were configured correctly.
In normal scenarios when user enter the URL into internet browser the request directed towards DNS server to resolve IP addresses and user is able to view the requested page .
In case of AC serving as portal server it forces user request towards its portal page so request to resolve the IP address was not entertained by DNS server and browsing does not
Before trouble shooting confirm the reach ability of devices. if browsing issue occurs it means DNS server is unreachable or specified DNS server is unable to resolve the IP address.
this would help to find the solution of problem quickly.