07-19-2016 06:45 AM
I am not sure if this is the correct spot for this question...but I need some help!
My guest wireless service seems to be sporadically working. I have various sites in my environment where the wireless signal is just fine, but the guest won't connect. here are the facts:
- Can connect to the Guest SSID, but the captive portal page is never passed to the device so users can not authenticate.
- It seems to be specific to mobile devices (Android and iOS) and Windows 10. In locations a Windows 7 Laptop has no issues connecting to the guest and authenticating... however in that same location a mobile device will not.
- I have worked with Dell and Aruba and as far as they can tell nothing on the controller seems to be causing the issue, possibly a routing issue... but we can see where. There has not be any configuration changes made that would cause the issue.
- My authentication page is local to the controller. We can see the "hand shake" of the device and the controller to get the captive portal page, but the ball seems to be dropped on the way back to the device.
- The AP configurations have not been changed, and in fact some locations that share the same configuration have different results. ex: The WAP in my office (A) has the same configuration as one across town (B), The only difference would be the networking back to the controller. Connecting to A, I have no issues and can authenticate as I should. Connecting to B does not work.
I am not sure if anyone can help, but everyone I seem to talk with about this issue... is stumped. I am new to all of this, so if I can provide more detail, I will gladly give what I know.
07-19-2016 08:31 AM
Sounds network related to me.
Check the DHCP scope used and make sure there are available addresses and the correct default gateway is being used.
Also check DNS works, this is required for captive portal. Make sure the user role allows dhcp and dns in the pre-auth role.
I assume you are manually entering the captive portal page as well and this doesn't work??
If you are using a hostname, try with the appropriate IP address and try pinging the IP first (if this is allowed by your user role policy).
ACDX #98 | ACMP | ACCP
07-19-2016 11:17 AM
I agree that it might be a network issue... I just have to find it.
DHCP scope is good.
DNS could be the issue maybe. I assume the user role allows dhcp and dns, since nothing on the controller has been changed. But to be sure... can you give me info on how to verify?
How could I manually enter the captive portal page if it is local to the controller? I cab view a "preview" from the controller, but I don't have a specifc address I can just pull up in a browser to test. (At least not that I know of... )
07-20-2016 12:47 AM
To verify DNS is allowed, go to Configuration -> Access Control and select the appropriate role which is used for pre-auth. The default role is guest-logon and this should have a policy which allows DNS (default dns-acl).
The other check is that your controller has an IP interface in the VLAN the guest users are being added to This is the IP address you would need to test the captive portal against. The controller must have an IP interface in the guest VLAN for the controller to do a local redirect.
ACDX #98 | ACMP | ACCP