@zx10guy wrote:
One more thing I wanted to add, I don't have the controller set up as an L3 device for this network. It's just providing L2 connectivity.
Just want to be clear: despite the controller not doing any L3, it still needs an IP address on any VLAN that is being used for Captive Portal. It is required for the redirect functionality.
As was stated by The.racking.monkey, if you use an IP in the browser, DNS has no involvement. If you cannot get redirected when you type http://1.1.1.1 while in the CPG-Logon role, then it is usually one of the following:
1) No IP on the client VLAN
2) Routing issue (ruled out)
3) URL availability (ruled out)
4) NAT issue (more or less ruled out with ICMP capability)
Outside of this, it seems you have a DNS issue that needs to be resolved.
@zx10guy wrote:
I definitely have a DNS issue. I can ping everything outside of my subnet to include the DNS server. So there is no routing issue. This is if the client is operating under the initial CPG-Login role or if it is fully authenticated.
I do not have the capability of doing DNS lookups when the client is in the CPG-Login role. I do have DNS lookup capability if I manually change the client role to authenticated. I can browse perfectly fine when the client role is authenticated when it is connected to the guest SSID.
Just to do some additional testing, I decided to go through the self registration by manually entering the URL path with just the IP address of the ClearPass server. I was able to get through the entire registration process on my test client. However, I am still unable to get DNS name resolution after registration. I checked on the status of the test client on the controller and it shows no change in the client's role. It still shows as CPG-Login.
On these items:
1) Where is the DNS server located? ICMP is clearly allowed to it from your guest VLAN, but is DNS allowed (not on the Aruba setup, but are there any other ACLs out there)?
2) Simply registering will not change your role; you'd have to be sent there as part of the Captive Portal redirect.