Access Points

Reply
Occasional Contributor II
Posts: 31
Registered: ‎12-19-2010

Rap 5 wired Ap

good evening
I have a question regarding AP Rap 5:
In the wired profile when i choose forwarding mode as a tunnel it works well.But when i choose it split tunnel and try RAP it connect well but when i open any site this message appears "Web Authentication failed contact administrator for assistance"

what is the reason of that ?
Guru Elite
Posts: 20,808
Registered: ‎03-29-2007

Re: Rap 5 wired Ap

Make sure that in the Wired AP profile the "Trusted" box is checked.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 31
Registered: ‎12-19-2010

Re: Rap 5 wired Ap

But it is not allowed to check the trusted box in the split tunnel forward mode
Guru Elite
Posts: 20,808
Registered: ‎03-29-2007

Re: Rap 5 wired Ap

You are right. Let me walk through the commandline configuration for split-tunnel wired users:

First define the network that you want tunneled back:

config t
netdestination corp-network
network 10.0.0.0 255.0.0.0


Next, define the access list for the split user:

ip access-list session Corporate-split
user any udp 68 deny
any any svc-dhcp permit
user alias corp-network any permit
user any any route src-nat


Then, define the user role:

user-role Corporate-split
session-acl Corporate-split


Define the role that user gets by specifying it in the initial role of the AAA profile you are using:

aaa profile employee-laptop
initial-role Corporate-Split


Define the wired port profile and assign the AAA profile to that port:

ap wired-port-profile "employee-laptop"
wired-ap-profile "employee-laptop"
aaa-profile "employee-laptop”


Lastly, assign that wired profile to the ethernet profile you want to the ap-group you want it to:

ap-group "remote-ap"
enet1-port-profile "employee-laptop”


In summary we just assigned split tunneling to the enet1 port profile of all the access points in the "remote-ap" group.

Big thanks for the engineer from Asia for the text of this explanation.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: