08-04-2010 08:41 PM
I have an SSID set up to use an external captive portal.
Logon is the default role for unauthenticated clients, and the controller is acting as a DHCP server, but not the gateway (L2).
Clients connecting to this SSID receive a DHCP address, with the correct gateway & DNS servers (external).
When clients try to navigate through their browser, they are instantly shown a page cannot be found message.
Troubleshooting this, I can see that DNS is resolving everything to the controller's VLAN 1 IP address (on a different VLAN than the VAP we're connected to), which is causing the browser issue.
The gateway on this VLAN is pingable.
I've gone through the logon role, and there are no DNS redirects listed... though DNS is permitted for the logon role.
I'm using 18.104.22.168 for this setup.
08-05-2010 05:41 PM
DNS is still being hijacked to always return the VLAN 1 IP address of the controller.
There are no policies that show this behaviour is intended.
What's really interesting about the DNS hijack is that the logon-control rule for permitting DNS is getting hit by these clients, yet the controller is still taking over.
When I remove this policy, DNS is blocked, as I would expect.
08-06-2010 09:35 AM
Aruba Customer Engineering
08-06-2010 05:17 PM
It is a known issue, and is reportedly fixed in 5.0.2, which should be out next week.
I'll have to wait until then to confirm it for myself.
Thanks for all your help.