AAA, NAC, Guest Access & BYOD

How to resolve securelogin.arubanetworks.com to DMZ controller's IP address when the guest traffic is tunneled to DMZ controller

by on ‎11-11-2014 12:47 PM

Environment: Typical environment where guest traffic is tunneled to the DMZ controller from a master/local controller or IAP.

 

We have seen issues with guest user authentication when guest traffic is tunneled from the master/local controller or IAP to the DMZ controller. The DMZ controller is the authenticator, but when the client tries to resolve securelogin.arubanetworks.com during the guest login POST, the master/local controller or IAP responds with its own IP address, because the default certificate CN of the controller matches the FQDN securelogin.arubanetworks.com.

Solution 1:
Install a new/dummy server certificate on the master/local controller or IAP with a CN other than securelogin.arubanetworks.com (e.g. xyz.arubanetworks.com or customerdomain.com) and map the installed certificate to Captive Portal under Configuration >> MANAGEMENT >> General. The securelogin.arubanetworks.com lookup query from the client is then tunneled to the DMZ, and the DMZ controller responds to the client with its IP address, so the POST and authentication work properly.

 


 

Solution 2:
Install a dummy certificate on the DMZ controller and replace securelogin.arubanetworks.com with the CN of the new certificate in ClearPass Guest, under the self-registration or weblogin NAS Setting >> Ip/hostname.
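
To confirm from a guest client which controller answers the portal lookup after applying either solution, the following check can be used. It is an added example, not part of the original article or any Aruba tooling; the function names, verdict labels and IP addresses (documentation ranges) are assumptions made for illustration.

```python
import socket

PORTAL_FQDN = "securelogin.arubanetworks.com"  # for Solution 2, pass the new certificate's CN instead


def resolve_ipv4(fqdn):
    """Resolve fqdn through the client's normal DNS path; return sorted IPv4 addresses."""
    infos = socket.getaddrinfo(fqdn, 443, family=socket.AF_INET, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def classify_answer(answers, dmz_ip, tunnel_source_ips):
    """Name the device that answered the portal lookup (labels are this example's own)."""
    answers = set(answers)
    if not answers:
        return "no-answer"
    if answers & set(tunnel_source_ips):
        # Symptom from the article: master/local controller or IAP answered with its own IP.
        return "answered-by-tunnel-source"
    if answers == {dmz_ip}:
        return "answered-by-dmz"
    return "unexpected-address"


def check_portal(dmz_ip, tunnel_source_ips, fqdn=PORTAL_FQDN, resolver=resolve_ipv4):
    """Run the lookup and report which side of the tunnel the guest POST would reach."""
    try:
        answers = list(resolver(fqdn))
    except socket.gaierror:
        answers = []
    return {"fqdn": fqdn, "answers": answers,
            "verdict": classify_answer(answers, dmz_ip, tunnel_source_ips)}


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), so this runs offline.
    DMZ_IP, LOCAL_IPS = "192.0.2.10", ["198.51.100.5"]
    before_fix = lambda name: ["198.51.100.5"]   # local controller answers
    after_fix = lambda name: ["192.0.2.10"]      # query tunneled, DMZ answers
    print(check_portal(DMZ_IP, LOCAL_IPS, resolver=before_fix))
    print(check_portal(DMZ_IP, LOCAL_IPS, resolver=after_fix))
    # On a real guest client, omit resolver= to use the live DNS path.
```

A verdict of `answered-by-tunnel-source` on the guest SSID means the master/local controller or IAP is still answering the lookup and the certificate change has not taken effect.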

 

