ArubaOS and Controllers

Reply
New Contributor
Posts: 3
Registered: ‎07-06-2010

Guest network, Resolve address

I have two Aruba 2400 Controllers one as a master and the other as local. Currently both controllers are loaded with ArubaOS Version 3.2.0.1 This is not by my choice but a hardware Vendor that is unwilling to update their firmware on their devices to support the new version of ArubaOS.

It is well Documented about the Expiration of the securelogin.arubanetworks.com Certificate on June 29, 2011. I have downloaded and attempted to install two new certificates on both controllers, secureMaster.domain.com and secureLocal.domain.com. I have also changed both controllers to use the Newly created and updated Certificates for the Captive Portal and WebUI Management. On the internal network DNS server I have added new Host records to link the SecureMaster.domain.com and SecureLocal.domain.com names so when I manage the devices in IE I can use the Host name instead of the IP address. When I open those pages I am seeing the new Certificates correctly. No "There is a problem with this website's security certificate"

My problem is on my Guest Network. When a device connects into the Guest network and they bring up a website they are still being redirected to securelogin.arubanetworks.com instead of the new common name I created. If I click threw the Certificate error i am able to see the captive Portal. When I view the Certificate it shows me the Certificate was issued to securelocal.domain.com it also is telling me "this Certificate cannot be verified up to a trusted Certification authority." It should be noted when I uploaded the issue certificates to the controllers I also updated the TrustedCA certificate that was sent allong with the issued Certificated.

Currently I have one port interface setup on both controllers for Guest Network with a VLAN than is not on my Main Hospital network. on that interface both controllers plug into a "guest Network" Network switch which then is pluged into on of the interfaces on my ASA5510 Firewall. That Interface on that Firewall only allows traffic to pass out to the WAN interface. the ASA5510 is also setup as the DHCP server, which is giving the client a DNS ip address from OpenDNS.com to provide some dns name webfiltering.

Can anyone offer any suggesting on what I am missing. And why Clients are not being redirected to securelocal.domain.com
New Contributor
Posts: 3
Registered: ‎07-06-2010

Re: Guest network, Resolve address

Steps I had done so far after I orginally posted the Topic.
1. I installed the Trusted Root Certificate on the Device that is accessing the Guest network. that took care of the "this Certificate cannot be verified up to a trusted Certification authority" error message.

2. Created a new Captive Portal Page. It was a reach but figure I would give it a try to make sure it wasn't something I had inadvertently added to the Custom CP page I created Orginally. like expected It did make any difference.

3. while at the Captive Portal Page I change the address bar from Https://securelogin.arubanetworks.com/cgi-bin/something/something/something and change the securelogin.arubanetworks.com to securelocal.domain.com and leave everything else alone and reload the page. The page will load with the correct address without the "the Security Certificate presented by this website was issued for a different website" error.

The controller appears to be able to resolve the securelocal.domain.com correctly on the guest network. But for some reason or not it is not defaulting to the securelocal.domain.com when are redirected to the captive portal the first time around.
New Contributor
Posts: 3
Registered: ‎07-06-2010

Re: Guest network, Resolve address

I could really could use some help over this issue. If anyone has seen this issue or knows that it is a no so known issue with the version of the ArubaOS please speak up.

I am out of ideas and just need suggestion. I have a feeling its something with my configuration and not so much a bug in the OS. But I have nothing to go on at this point.
Guru Elite
Posts: 19,990
Registered: ‎03-29-2007

Re: Guest network, Resolve address

Please open a case with tac, so that we do not frustrate you. We can only ask for information that does not perpsonally identify you, and that will delay resolution of your issue.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: