ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 9
Registered: ‎08-09-2010

Captive portal over VPN not showing

Dear all,

we have 2 3200 controlers with vrrp, one main site, some remote sites connected with VPN (made with ASA Firewall ).

On each AP, 3 wifi profiles (with 1 VLAN for each): Corp (peap), mobile (wpa2), guest (open + captive portal)


On the main office, everything is working fine.

On the remote site, everything is working fine (corp and mobile) but for the guest wifi, the Captive Portal never shows on the client.


I do not understand because the tunnel Controler<-->AP works correctly (dispite of what other wifi profiles should also fail).

Any idea ?

Emmanuel
Guru Elite
Posts: 20,329
Registered: ‎03-29-2007

Mtu

Just a guess, but GRE over IPSEC may be causing fragmentation that is breaking the initial lookup. You might want to reduce the MTU in the AP system profile of that AP-group to 1200 to see if it will then work. Just as a test, try to do an nslookup for any site like yahoo.com. If that doesn't work, try to just go to http://1.1.1.1 If the http works, but the DNS lookup does not work, it might be MTU.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎08-09-2010

Re: Captive portal over VPN not showing

Thank you,

I will test this.

Emmanuel
Occasional Contributor I
Posts: 9
Registered: ‎08-09-2010

Re: Captive portal over VPN not showing

I have modified my MTU to 1200 but still no luck with the Captive Portal on this remote site (wich works well on local AP's).
Guru Elite
Posts: 20,329
Registered: ‎03-29-2007

Need to know

1. Is the SSID on that AP over the VPN connection tunneled?
2. Do the clients that associate to that guest ssid get ip addresses on the VPN side?
3. Can the clients connected to the guest SSID across that VPN connection ping the controller's ip on the guest subnet?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 9
Registered: ‎08-09-2010

Re: Captive portal over VPN not showing

1 - I suppose because this IP range would not be routed , but How could I check this ? (VirtualAP Guest profile is set to forward mode=tunnel)


2- YES the client gets an ip address (192.168.49.248/24) once connected to the Guest SSID
3- YES I can ping the ip address of the controleur (192.168.49.254/24)

Some more informations :

All DNS queries works
http://1.1.1.1 does not work
https://1.1.1.1 does not work

securelogin.arubanetworks.com resolves on the client to 192.168.49.254
https://securelogin.arubanetworks.com does not work
Search Airheads
Showing results for 
Search instead for 
Did you mean: