Some clients can't web authenticate - page doesn't load

  • 1
  • Question
  • Updated 4 years ago
We've got two SSIDs - one is a Guest network, one is an open network with Web Authentication (against AD) turned on.

When devices connect to either of these, some are presented with a login box or guest pass box, depending on the SSID they connect to.

However, a lot of users are reporting that they don't get this far, they get a "page cannot be displayed" or similar message, with the URL of the ZD listed in the error.

My Android phone is one giving an error, however it previously worked fine before we "went live".

I've seen the error on Windows Phone, Android and iOS, along with laptops using Firefox or Chrome.
Safari and IE seem to be fine though?

The ZD has a valid certificate generate by our internal CA and we're running firmware 9.6.1.0 build 15 on a ZD3000
Photo of Ben Sparkes

Ben Sparkes

  • 7 Posts
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Ben Sparkes

Ben Sparkes

  • 7 Posts
  • 0 Reply Likes
Ok sorted I think - it's because we used a private CA to generate the certificate.
Photo of Sid Sok

Sid Sok, Official Rep

  • 102 Posts
  • 48 Reply Likes
Check to make sure you are not running out of IP space. The symptom you are describing:
1. Some client work fine some do not at the same time.
2. Wlan is Open (WebAuth is only for Authorization to use the network, not security)
3. Some device used to work and not does not.

Check Monitor>Active clients and see if there are any client with IP address in the upper range of your IP pool, if you have a 192.168.1.x/24 and you see a client with 192.168.1.250 or higher you have probably have this issue.

You can do a few things to mitigate this issue:
1. Put a simple PSK key there so casual device do not grab and hold an IP
2. Increase your IP pool, though even this can be used up if the lease time is high and you are in an area where there lots of people.
3. Shorten the lease time on the DHCP server so the IP can be re-used, in public space may be 15-30 minutes, depending on the flow of device grabbing IP, intended or casual device.