Hi,
I'm hoping someone can help with this.
I have a Dell PowerConnect W-620 controller running Aruba 6.1.3.7.
I also have two APs associated to this controller.
I have already configured a network for LAN connection using EAP/RADIUS and now I'm trying to create a Guest SSID.
I have followed what I thought was correct below, but it seems the clients (Win7 laptop and Android phone) connect, get an IP from the Guest DHCP pool and then disconnect a few seconds afterward.
Subsequent attempts to connect nearly always fail straight away without getting an IP.
I have run traces using NetMon on the laptop and not every time there are DHCP requests and you can see the IP given by the Guest VLAN IP to the laptop. If you run a quick 'ipconfig' it gets the IP OK but soon disconnects with no event logs.
I have only added the pre-authentication role policies below as it doesn't hold its IP long enough to log on to the captive portal.
Details:

Guest VLAN created -
  ID=200 - IP 20.20.20.1 /24 - Not associated to any port
  Enabled src-NAT for this VLAN
  Inter-VLAN routing enabled

DHCP -
  Enabled
  Guest_Pool1 -
    Default Router - 20.20.20.1
    Network - 20.20.20.0 /24
    Range - 20.20.20.6 - 20.20.20.254

NAT Pools -
  dymanic-srcnat 0.0.0.0 - 0.0.0.0 - 0.0.0.0 for everything

IP Routes -
  default gateway - 10.0.0.6 (IP of Firewall)
  No other routes

Roles -
  Role - LM-Guest-guest-logon (pre authentication/captive portal)
  Policies -
    captiveportal
      source user Dest controller Service svc-https Action dst-nat 8081
      source user Dest any Service svc-http Action dst-nat 8080
      source user Dest any Service svc-https Action dst-nat 8081
      source user Dest any Service svc-http-proxy1 Action dst-nat 8088
      source user Dest any Service svc-http-proxy2 Action dst-nat 8088
      source user Dest any Service svc-http-proxy3 Action dst-nat 8088
    Guest-Logon-Access
      source any Dest any Service svc-dhcp Action permit
      source any Dest Public-DNS Service svc-dns Action src-nat pool dymanic-srcnat (Public-DNS contains list of external DNS servers)
    Block-Internal-Networks
      source user Dest Internal-Networks Service any Action deny (Internal Networks lists IP ranges for internal networks)