There are numerous possible reasons why the Public Spot login page cannot be invoked.
This article describes the relevant configuration items and analysis options. Requirements:Check and modify the configuration:
1) Ports and access permissions:
1.1) On the device operating the Public Spot, switch to the menu Management → Admin → Access settings.
1.2) Change to the menu Access rights and choose the logical interface used by the Public Spot network (e.g. WLC tunnel).
1.3) Ensure that access to the protocols HTTP and HTTPS is allowed.
1.4) Now go to the menu Management → Admin → Access settings → Access stations.
1.5) Create the Public Spot network only if access stations have already been stored.
Do not create the Public Spot network if there are no access stations stored yet. Otherwise, access to the device will be impossible from all other networks!
1.6) Go to the menu Management → Admin → Access settings → Access rights.
1.7) Ensure that the HTTP port for the interface used for the Public Spot network (e.g. WLC tunnel) is set to Automatic.
1.8) Navigate to the menu Management → Admin → Ports.
1.9) Check the settings for the ports: HTTP must be 80 and HTTPS must be 443.
2) Enable DNS resolution (no Internet connection set up on the Public Spot device):
In order for the Public Spot to function, the device operating the Public Spot must act as the DNS server for the Public Spot network.
If the device operating the Public Spot does not have its own Internet connection, you need to set up DNS forwarding.
2.1) Navigate to the menu IPv4 → DNS → Forwarding.
2.2) If no DNS forwarding is in place, you need to set this up.
Enter the following information to this end:
- Domain: Enter the wildcard *. This represents any number of characters.
- Remote site: Enter the IP address of any DNS server (e.g. the upstream router or a public DNS server on the Internet).
3) Create a routing entry (no Internet connection set up on the Public Spot device):
If the device operating the Public Spot has no Internet connection but it should use a DNS server on another network (e.g. on the Internet), a routing entry needs to be created.
3.1) Switch to the menu IP router → Routing → IPv4 routing table and check that a default route is in place.
3.2) If no default route has been entered, click the button Default route to open a template.
The default route is important not only for the DNS resolution, but also for any communication from the Public Spot network to the Internet.
3.3) Save the following parameters:
- Router: Enter the IP address of the upstream router.
- IP masquerading: Set the radio button to IP masquerading switched off.
4) Device host name in the Stations table:
In order to prevent guests from seeing or having to enter the IP address of the Public Spot to enter the status page, the Public Spot is given a device hostname. This must be stored in the Stations table together with the IP address of the Public Spot network, so that the resolution of the device hostname is possible.
4.1) Switch to the menu Public Spot → Server → Operational settings and check if there is an entry under device hostname.
4.2) If there is a device hostname in place, navigate to IPv4 → DNS → Host names and check that there is an entry containing the IP address of the Public Spot network.
In some cases, network clients may not be able to handle a device hostname. In this case, the device hostname in the Public Spot has to be deleted.
Generating ping tests and traces:
Often, the Public Spot login page cannot be invoked because DNS resolution is not working.
- Connect a network client (such as a notebook) to the SSID of the Public Spot and enter the IP address of the Public Spot network or the device hostname into the browser. If the login page can be accessed, there are problems with the DNS resolution.
- Check to see if DNS resolution works with another DNS server (see step 2.2).
- Use the command-line interface (with administrator rights) of the device and start a DNS trace by means of the command tr # dns (the same command is also used to stop the trace).
- Then use the command ping <URL> to ping on any website (e.g. ping www.google.com).
Not all websites respond to ping requests. If necessary, you should test a number of websites.
If DNS resolution using multiple DNS servers does not work, you should check to see whether the DNS servers themselves are reachable.
To do this, start an IPv4 host trace (tr # ipv4-host @ icmp) and then ping the IP address of the DNS server. Repeating the command stops the trace again.
Not all DNS servers respond to ping requests.