New Contributor

Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

Hello,

We currently have an Aruba mesh network that then goes through a Cipafilter to the world. Everything is functioning normally except for the following.

I have been tasked with turning on SSL decryption on the firewall, but that causes all of our guest wifi users to have to install a certificate, which I would prefer guests not have to do.

I spoke with Cipafilter and they said to create a group on the filter for wifi that doesn't require SSL decryption and give it the subnet/IP coming from the Aruba wifi guest DHCP service.

I have all of this set up, but the strangest thing happens. I can connect multiple clients to guest wifi, get a correct DHCP-served IP address and get to the internet on any of the clients. BUT, the clients cannot go to the same webpage at the same time. If I have 1 go to msn, another to yahoo and another go to google, all load quickly without issue. If I make it so they all try to get to yahoo at the same time, only 1 will load while the others white screen, then as soon as the first is loaded, the 2nd will then load, then the 3rd when the 2nd is finished.

I have tried multiple routing changes thinking something is getting lost along the way with no luck.

I did notice that the firewall is not seeing any traffic from the DHCP addresses handed out on the guest wifi SSID; it is only seeing traffic from the master AP IP address.

I am using the AP's 172.x.x.x DHCP service without setting any other parameters. No VLAN changes, no other changes to routing and such on the APs.

All other systems and SSIDs work without an issue.

It's that whole round robin loading of the same website that is messing me up. Is there a way to just have the AP be more transparent and just forward the traffic to the firewall without NATing it maybe? Then I could just set up the firewall to accept that traffic and route it back to that AP on its way back in.

Thanks for reading this long-winded issue. Much appreciated.

Guru Elite

Re: Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

You would have to create a separate VLAN, trunk that VLAN to each IAP and configure the WLAN to be "Network Assigned" instead of "Virtual Controller Assigned".



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor

Re: Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

Thanks for the info. Unfortunately, it appears that using this type of
setup is not compatible with the Cipafilter firewall's group setup. In order to
create 2 different groups for the Cipafilter to recognize so that 1 group
can be assigned SSL decryption and the other (guest access) not have SSL
decryption, I need a range of IP addresses for it to attach to. By using
the same DHCP server for both regular and guest users and not using the
Aruba's built-in DHCP, I am unable to differentiate where the request is
coming in through.

Thanks for the help though.

--
Dan Viste

Guru Elite

Re: Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

You would need a new VLAN/subnet. The Instant controller can provide captive portal on this network. That new range of IP addresses is what you would enter into the filter.



Colin Joseph
Aruba Customer Engineering
