Users connecting to the guest network are unable to pass traffic after a period of time.

Aruba Employee
Problem:

Users connecting to the Guest network configured for captive portal authentication are unable to pass traffic over a period of time.
Removing the user-mac address manually from the user-table and reconnecting the user to the Guest network again temporarily workaround the situation. 
 



Diagnostics:

-This behaviour has seen only on the Guest ssid configured for captive portal authentication. 


-The user was with no IP address and was with 169.x.x.x (self-assigned IP) on the user's end during this behaviour. 


-User has a successful association and assigned with the captive portal post authentication role in the user-table of the controller.
 

-Enabled DHCP debugging on the controller found DHCP-Discover, DHCP-offer on the controller's datapath however the user was assigned with no IP.


-After verifying the post authentication role where the user assigned in, the network where the DHCP server resides was denied.


-In order to verify this we did a "aaa user add x.x.x.x role" and assigned a role without any restriction, on the user's end he got a valid IP, able to pass the traffic without any issues. 



Solution

In the Captive portal post authentication role we have added "any any svc-dhcp permit" before the internal network deny acl has fixed the behavior. 

Version history
Revision #:
2 of 2
Last update:
‎10-18-2016 03:33 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: