AAA, NAC, Guest Access & BYOD

How to resolve securelogin.arubanetworks.com to DMZ controller's IP address when the guest traffic is tunneled to DMZ controller

Environment: Typical environment where guest traffic is tunneled to the DMZ controller from a master/local controller or IAP.

 

We have seen issues with guest user authentication when the traffic is tunneled from a master/local controller or IAP to the DMZ controller. The DMZ controller is the authenticator, but when the client tries to resolve securelogin.arubanetworks.com during the guest login POST, the master/local controller or IAP responds with its own IP address, because the CN of that controller's default certificate matches the FQDN securelogin.arubanetworks.com.

Solution 1:
Install a new/dummy server certificate on the master/local controller or IAP with a CN other than securelogin.arubanetworks.com (e.g. xyz.arubanetworks.com or customerdomain.com) and map the installed certificate to Captive Portal under Configuration >> MANAGEMENT >> General. The client's lookup query for securelogin.arubanetworks.com is then tunneled to the DMZ controller, and the DMZ controller responds to the client with its own IP address, so the POST and authentication work properly.

 


 

Solution 2:
Install a dummy certificate on the DMZ controller and, in ClearPass Guest, replace securelogin.arubanetworks.com with the CN of the new certificate under the self-registration or weblogin NAS Setting >> Ip/hostname.
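One way to check the result of either solution from a test client in the guest role (an added example, not part of the original article or of Aruba's tooling): it resolves the login hostname, reads the CN of the certificate served by the master/local controller or IAP, and reports whether the name lands on the DMZ controller. The function names, the documentation-range IPs, port 443, and the use of `getent` and `openssl` on a Linux client are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article. Run on a Linux test client
# in the guest role. All IPs and the port below are assumptions to adjust.

# Extract the CN from an `openssl x509 -noout -subject` line. Handles
# "subject=C = US, CN = host" (OpenSSL 1.1+) and "subject= /C=US/CN=host".
extract_cn() {
  printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p' |
    tr -d ' ' | tr '[:upper:]' '[:lower:]'
}

# classify RESOLVED_IP DMZ_IP LOCAL_CERT_CN LOGIN_HOST
#   OK                 login host resolves to the DMZ controller
#   LOCAL_CN_CONFLICT  wrong answer, and the local device's certificate CN
#                      still equals the login host (the case described above)
#   WRONG_TARGET       wrong answer for another reason (check DNS, NAS setting)
#   NO_ANSWER          the name did not resolve at all
classify() {
  c_host=$(printf '%s' "$4" | tr '[:upper:]' '[:lower:]')
  if [ -z "$1" ]; then echo NO_ANSWER
  elif [ "$1" = "$2" ]; then echo OK
  elif [ -n "$3" ] && [ "$3" = "$c_host" ]; then echo LOCAL_CN_CONFLICT
  else echo WRONG_TARGET
  fi
}

# probe LOGIN_HOST DMZ_IP LOCAL_IP [PORT]
# Resolves LOGIN_HOST as the client sees it, reads the certificate served by
# the master/local controller or IAP at LOCAL_IP, and classifies the result.
probe() {
  p_ip=$(getent hosts "$1" | awk '{print $1; exit}')
  p_subj=$(openssl s_client -connect "$3:${4:-443}" -servername "$1" \
             </dev/null 2>/dev/null | openssl x509 -noout -subject 2>/dev/null)
  classify "$p_ip" "$2" "$(extract_cn "$p_subj")" "$1"
}

# Example: sh check.sh securelogin.arubanetworks.com 192.0.2.10 198.51.100.5
if [ "$#" -ge 3 ]; then probe "$@"; fi
```

For Solution 2, pass the CN of the new DMZ certificate as LOGIN_HOST instead of securelogin.arubanetworks.com.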

 


Version history: Revision 1 of 1. Last update: 11-11-2014 12:47 PM