ArubaOS and Controllers

Reply
Occasional Contributor II
Posts: 44
Registered: ‎05-25-2009

Captive Portal SSID - DNS Redirect to Controller IP?

I've run into this once before, but I just don't remember how i resolved it.

I have an SSID setup to use external captive portal.
Logon is the default role for unauthenticated clients, and the controller is acting as a DHCP server, but not the gateway (L2).

Clients connecting to this SSID receive a DHCP address, with the correct gateway & DNS servers (external).

When clients try to navigate through their browser, they are instantly shown a page cannot be found message.

Troubleshooting this, I can see that DNS is resolving everything to the controllers VLAN 1 IP Address (on a different VLAN than the VAP we're connected to), which is causing the browser issue.

The gateway on this VLAN is pingable.

I've gone through the logon role, and there are no DNS redirects listed.... though DNS is permitted for the logon role.

Any ideas?

I'm using 5.0.1.0 for this setup.
Aruba Employee
Posts: 49
Registered: ‎04-02-2007

Re: Captive Portal SSID - DNS Redirect to Controller IP?

The command you are looking for is "ip cp-redirect-address "

-michael
Occasional Contributor II
Posts: 44
Registered: ‎05-25-2009

Re: Captive Portal SSID - DNS Redirect to Controller IP?

Thanks for this... this is definitely the right track, but this did not solve the issue.

DNS is still being hijacked to always return the VLAN 1 IP address of the controller.
There are no policies that show this behaviour is intended.

What's really interesting about the DNS hijack, is the logon-control rule for permitting DNS is getting hit by these clients, yet the controller is still taking over.

When I remove this policy, DNS is blocked, as I would expect.
Guru Elite
Posts: 20,993
Registered: ‎03-29-2007

Possible Issue.

Please open a case. There is a bug that is fixed in the upcoming 5.0.2.0 code that sounds very similar to this. If you open a case, they will tell you for sure.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 44
Registered: ‎05-25-2009

Re: Captive Portal SSID - DNS Redirect to Controller IP?

I'm in the middle of doing so... as this sounds like something in the background is causing it.

I'll post any updates the TAC can give me.
Occasional Contributor II
Posts: 44
Registered: ‎05-25-2009

Re: Captive Portal SSID - DNS Redirect to Controller IP?

This has been confirmed as a bug when using external captive portal in any firmware >= 5.0.0.0.

It is a known issue, and is reportedly fixed in 5.0.2, which should be out next week.
I'll have to wait until then to confirm it for myself.

Thanks for all your help.
Search Airheads
Showing results for 
Search instead for 
Did you mean: