Aruba Instant & Cloud Wi-Fi

Reply
MVP
Posts: 517
Registered: ‎05-11-2011

Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

Hello!

 

So I've been struggling with this IAP setup with Clearpass for external cp for a few hours now, and can't get it to work as it should. It's a basic setup that I've done many times, but with a twist..

The AP is placed in a vlan X and gets an internal DNS. This resolves the clearpass address to it's internal address (ie: 192.168.47.10). The guest clients are placed in a different vlan Y and given a public dns like 8.8.8.8 that resolves a different IP (ie: 1.2.3.4) for Clearpass. This is as designed..

 

So - when the client in VLAN Y connects to the guest-ssid it's redirected to the internal ip (192.168.47.10) of Clearpass! (!!!!) I tried setting a static IP on the IAP and use the 8.8.8.8 DNS here, and then it redirected to the right (public ie 1.2.3.4) Clearpass IP.

 

Now I'm hoping this is just a nasty bug, and not a feature... There is no way that the IAP should proxy the request using it's own DNS instead of just letting the DNS request through the firewall and to the clients DNS server.

 

Anyone else encountered this? Or can tell me why this happens?


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

Is there a VPN connection or config applied here?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
MVP
Posts: 517
Registered: ‎05-11-2011

Re: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

No vpn. Basic iap solution. Iap is connected to a switchport with a native vlan and client vlans tagged. Dhcp etc is not handled by the VC.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

Can you please share your captive portal profile and user-role config
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 517
Registered: ‎05-11-2011

Re: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

The day after we had this problem we repeated the testing, and then things behaved as it should - using the clients DNS. I have no clue what caused this in the first place - as we tried multiple devices several times over hours of testing.. So signing this off to be a ghost in the machine thing..

 

 

 

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Occasional Contributor II
Posts: 18
Registered: ‎04-19-2015

Re: Instant - captive portal - the IAP use it's own DNS server instead of client dns server?

I'm having the same problem, did you ever get to the bottom of the issue?

Search Airheads
Showing results for 
Search instead for 
Did you mean: