Controller Based WLANs

What is the behaviour of captive portal users during HA failover?
Q:

Does the role change from post authenticated to logon role after HA failover incase of captive portal authentication?



A:

Yes. After the HA failover process, captive portal users who are in post authenticated role on HA primary will be changed to pre-authentication role(initial role in the AAA profile) on HA secondary and this is expected. 

Below output shows that HA is formed between a Master and local running 6.4.4.9. It also shows that CAP-1 and CAP-2 are terminated on the master with its standby tunnel formed to the local controller:

Below output shows the AAA profile for the captive portal profile that is in use and a captive portal user in the Initial role:

After captive portal authentication, the role is changed from logon role to authenticated:

Below is the ap database output from the local controller, where we can see AP have formed standby tunnel on the local controller:

During the HA failover process, the APs is now terminating on the local(10.17.168.168). 'Show user' output shows that role of the client is changed from 'authenticated' to 'logon':

Version History
Revision #:
2 of 2
Last update:
a month ago
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.