Controller Based WLANs

How to configure Aruba Controller for redirecting traffic to the transparent mode operating proxy server?

Product and Software: This article applies to all Aruba controllers and ArubaOS versions:

Consider the below network setup :


Controller --------------------------- Uplink Switch ----- Internet
|                                                                     |
|                                                                     |
|                                                                     |
Gateway device for the users------ Proxy server ----- Internet

In this setup, users traffic should be redirected to the transparent mode operating proxy server. Client connects to the open ssid and falls in the user-role Guest-Proxy.

Configuration:

!
ip access-list session Guest-Proxy
 any any svc-dhcp permit
 any any svc-dns permit
 any any svc-icmp permit
 any any svc-http dst-nat ip <ip address of the proxy server> <port number>
 any any svc-https dst-nat ip <ip address of the proxy server> <port number> (Only if the proxy server supports https, dst-nat need to be added for svc-https. Otherwise, acl need to be added to allow https service)

!
user-role Guest-Proxy
 access-list session Guest-Proxy


!
aaa profile Proxy-AAA
initial-role Guest-Proxy


In the above setup, gateway of the client is configured outside the controller and proxy server is placed in different vlan from the client vlan. When the controller dst-natted the traffic to the proxy server, traffic will be routed to the proxy server based on the routing table of the controller. As the controller firewall is stateful, it would drop the return traffic to the client.

To make this to work to need to add host route for the proxy server as given below:

ip route <ip address of the proxy server> 255.255.255.255 <gateway ip of the client>

Note: In the transparent mode, most of the proxy server will process only the http traffic. Few proxy server like websense or bluecoat will process the https traffic provided ssl inspection in the enabled in the proxy server.

 

Version History
Revision #:
1 of 1
Last update:
‎07-04-2014 02:27 AM
Updated by:
 
Labels (1)
Contributors
Comments
ever paúl
 Buenas tardes necesito apoyo , me encuentro configurando siguiendo los pasos indicados sin embargo no me esta funcionando , solo funciona con el http la navegacion pero con el https no esta funcionando y desde el host cuando intento realizar un telnet hacia el proxy por el puerto 80 y 443 si funciona, por favor su apoyo urgente
 
Configuration:

!
ip access-list session Guest-Proxy
 any any svc-dhcp permit
 any any svc-dns permit
 any any svc-icmp permit
 any any svc-http dst-nat ip <ip address of the proxy server> <port number>
 any any svc-https dst-nat ip <ip address of the proxy server> <port number> (Only if the proxy server supports https, dst-nat need to be added for svc-https. Otherwise, acl need to be added to allow https service)
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.