08-03-2010 09:56 AM
08-03-2010 11:36 AM
Are you sure the initial roles are the same, and the CP profiles are all there? My guess is the initial role is set to authenticated or guest, not to logon. Posting partial configs will probably help us out on this.
Director, Strategic Account Solutions
08-03-2010 11:43 AM
As Andy said, it is probably due to the initial role in the AAA profile allowing traffic that should be redirected to the CP. For instance, if you are using "guest" as the initial role, then anyone that connects will be allowed to get an IP address, resolve DNS and browse the Web (tcp/80 and tcp/443) without any authentication. If the initial role is "authenticated", all packets are allowed before authentication. The initial role should probably be "guest-logon". That role allows DHCP and DNS, but if any tcp/80 or tcp/443 packets are sent, they are redirected to the CP.
See what AAA profile you are using under the VAP that houses the guest SSID and verify the initial role. If it is not correct, go into the AAA profile (Configuration > Authentication > AAA profiles) and change it to guest-logon.
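The check described in the reply above, as an added example that is not part of the original thread: it maps each virtual AP to its AAA profile and reports any whose initial role is not a logon role. The stanza layout, the profile and VAP names, and the helper names are constructed assumptions; the role names come from the posts.

```python
# Initial roles the thread treats as sending web traffic to the captive portal.
LOGON_ROLES = {"logon", "guest-logon"}

# Constructed sample in the style of an ArubaOS config export (not from the thread).
SAMPLE_CONFIG = '''
aaa profile "guest-aaa"
   initial-role "guest"
!
aaa profile "lobby-aaa"
   initial-role "guest-logon"
!
wlan virtual-ap "guest-vap"
   aaa-profile "guest-aaa"
!
wlan virtual-ap "lobby-vap"
   aaa-profile "lobby-aaa"
!
wlan virtual-ap "lab-vap"
   aaa-profile "lab-aaa"
'''

def parse_stanzas(config, header):
    """Return {name: {setting: value}} for each stanza that starts with `header`."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith(header + " "):
            name = line[len(header):].strip().strip('"')
            current = stanzas.setdefault(name, {})
        elif line[:1] in (" ", "\t") and current is not None:
            parts = line.split(None, 1)
            if len(parts) == 2:
                current[parts[0]] = parts[1].strip().strip('"')
        else:
            current = None  # "!" or another top-level command ends the stanza
    return stanzas

def audit_initial_roles(config):
    """List (virtual_ap, aaa_profile, initial_role) not confirmed as a logon role."""
    profiles = parse_stanzas(config, "aaa profile")
    findings = []
    for vap, settings in parse_stanzas(config, "wlan virtual-ap").items():
        profile = settings.get("aaa-profile")
        role = profiles.get(profile, {}).get("initial-role")  # None if not in export
        if role not in LOGON_ROLES:
            findings.append((vap, profile, role))
    return findings

if __name__ == "__main__":
    for finding in audit_initial_roles(SAMPLE_CONFIG):
        print("check initial role: vap=%s profile=%s role=%s" % finding)
```

A role of None means the AAA profile or its initial-role line was not present in the export, so it needs to be checked on the controller itself.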
09-13-2010 02:26 PM
09-13-2010 03:04 PM
Now if Aruba support was in America and I could understand them, maybe my thought process would be different.
09-13-2010 03:17 PM
Aruba Customer Engineering