Wired Intelligent Edge

Hi all Friend and Expert,

 

I have two controller and two building, building A and B routed over layer 3 and it's different vlan database, ( VTP domain) 

 

Building A ( We had deployed this system )

- 01 Controller 7205: Role Master

- Users from building A get VLAN IP of Building A

- 

 

Building B ( New campus )

- 01 Controller 7205: Role Local

-  Users from building A get VLAN IP of Building B ?

-  Local and master is connected over tunel mode

- I want same SSID name but, when users in building A, they can get IP of building A, and when users in building B, they can get IP of Building B.

I have attached topology of network logical.

Please give me some ideas, Thank you so much !

 

Regards,

Lee Nguyen

You need to use a VLAN name in your Virtual AP:

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/What-is-a-named-VLAN-and-how-do-I-configure-it/ta-p/181562

Dear Colin,

 

Thank you for your comment,

 

I have created new Group name AP-B-Building, I'm going to move an AP test to this group.

But, how can i move it to local controller in Bulding B, as my understand, when i moved AP test, to local controller it will bring up a GRE tunnel with local controll.

 

Thank you so much!

Go to Configuration> Wireless> AP Configuration.  Click on your new ap-group.  Click on AP.  Click on AP System.  In the right pane, find the  LMS IP box and type in the IP address of the controller that you want your access points to be on.  Click on "save as" in the upper right hand corner to create a new profile and give it a new name.  Click on Apply in the lower right hand corner to apply the new profile.  You have to click on save configuration to push the change from the master to the local controller.

 

Setting the LMS IP and saving it as a new AP System Profile defines the ip address of the controller that access points in that AP-Group will terminate their user traffic on.

Hi Colin,

I understand your ideas, it working well , my new ap can tunneling with my local controller in building B

I want ask you more question:

In building A vlan id for guest is 66 and it working well
Now i created a vlan name: Guest
building A mapping with vlan id 66, building B mapping with vlan 77
AAA and authentication method the same with building A
But, in building A went i login to guest, system will popup a window for me input user and password ( local database )
In Building B when i login to guest it can not show me the window for in put user password, please trouble shooting and give some your idea.

Thank you so much,

Lee

Hi Colin, i want ask you more about guest database

My users in new building (B) can use internal database of master controller to guest access ?
It mean building a and building use same database guest ?

or building A will use local database of master controller, and building B will use database of local controller for access, i want all users in two building use same inter database for guest access

Thank you so much,

Lee

By default, all of the guest user authentication on local controllers is done with the database on the master controller.

Ok i will try again and feedback to you soon

Thank you so much

Dear Colin, im trying your comment but cannot success.

I have proplem with guest access as bellow:

All uses in new group ap, this group has lms ip of local controller, users can get ip of vlan guest but they cannot see popup window ( captive portal) for authentication user/password local database.

I have created vlan interface of guest vlan, but after got ip, they cannot continue.
Im use local database in master controller.

Thank you so much
Lee nguyen

- Your guest VLAN on that controller should have an ip address.

- You need to change the ip cp-redirect-address to that ip address:   http://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/1CommandList/ip_cp_redirect_address.htm?Highlight=ip cp-redirect

- make sure your clients can resolve DNS when at the captive portal

Dear Colin,

 

Please clear for me something

 

Example:

Step 1: Creat interface

interface vlan guest has IP: 172.27.0.100

Step 2: Config CP redirect

 (Master) (config) #ip cp-redirect-address 172.27.0.100

Step 3: Make sure DNS can resolve.

 

Please review my step as above, in step 2, i do it on Master controller ?

 

Thank you so much

Lee Nguen

 

Step 2, do it on the local controller with your problem.

 

Dear Colin,

 

I configured cp-redirect-address on local controller.

When i open web brower it automatic redirect to url: securelogin.arubanetworks.com

 

But look like my dns cannot resolve this name, so now i must create a record maping nam-IP

securelogin.arubanetworks.com - IP interface vlan guest ?

Thank your your help

 

LeeNguyen

 

By default the controller intercepts DNS requests for securelogin.arubanetworks.com and returns the ip cp-redirect-address.  It looks like your "logon" role might be wrong.

 

1.  Find out what role your user gets when he associates to the controller

2.  Type "show rights <that role>"

 

Hi Colin,

1. Role for guest is : guest

2. in addtted file, this is output of cmd show right guest

 

Thank for your help

 

Thank you so much

 

That is the wrong role.  That is the production role that a guest gets after he has already authenticated.  What is the role that a guest gets before he authenticates?

Dear Colin,

 

Initial role : FSOFT-Guest-role

 

After authentication is: Guest

 

Can we working over share screen via Skype business ?

 

Thank you so much

Dear Colin,

 

Initial role : FSOFT-Guest-role

 

After authentication is: Guest.

Can i share my screen for you?

P/s im working external DHCP, DHCP no on local controller.

Thank you

What is the output of "show rights FSOFT-Guest-role"?

 

Dear Colin,

In attached file is output of show rights FSOFT-Guest-role

 

Thank you so much !

 

any     DNS-SERVER   svc-dns 

Please check to make sure that the client can resolve DNS when it associates.  If you restricted DNS only to DNS-SERVER and it is not working, captive portal will fail.. 

Alias: DNS-SERVER has all my internal DNS, and public DNS  8.8.8.8 and 8.8.4.4

 

Can i share you my screen, please check help us.

 

In Building 1, working fine with currently configuration, why new building cannot working.

 

two thing differrent is

Building 1, DHCP for guest vlan on controller, building 2 dhcp server on external

Vlan for guest in building 1 : 6, in building 2 :  226

 

Thank you so much

It should not make a difference where the DHCP is hosted, as long as the controller has an ip interface on the VLAN and the ip cp-redirect-address is pointing at that address.

 

Do you have a screenshot of what the client sees when it tries to open a browser?

Dear Colin,

 

When it tries to open a browser, it will show as my attached file.

 

Thank you so much

Click on advanced and then proceed. You are getting that message because you do not have a public certificate on your controller.

Sorry, when i click advace it cannot continue

 

I send you, a new creen shot of client as file attached,

 

and this is full url, when it error:

 

https://securelogin.arubanetworks.com/upload/custom/FSOFT-Portal/Portal%20Login.html?cmd=login&mac=00:24:d6:6e:09:86&ip=172.27.0.64&essid=Aruba%20FPT%20Software%20Guest&apname=SonDN4&apgroup=AP-FPT-CG&url=http%3A%2F%2Fwww%2Egstatic%2Ecom%2Fgenerate_204

 

Thank you so much

Thja

What happens when you click on the Connect button?

Dear Colin,

When i click to button, it will return to url

https://securelogin.arubanetworks.com/upload/custom/FSOFT-Portal/Portal%20Login.html?cmd=login&mac=00:24:d6:6e:09:86&ip=172.27.0.64&essid=Aruba%20FPT%20Software%20Guest&apname=SonDN4&apgroup=AP-FPT-CG&url=http%3A%2F%2Fwww%2Egstatic%2Ecom%2Fgenerate_204

Thank you, Can i share my screen for you?
Thank you so much

That URL is pointing to a custom page that you created.  That page and the files must be uploaded to the local controller manually.  If you go to Configuration> Management> Captive Portal; Click on the Upload Tab.  Change the dropdown profile to FSOFT-Portal and click on "choose file" and browse to your HTML and then click on apply.  Repeat this for all the HTML files you have..

 

 

Dear Colin,

 

I understand your ideas, but cannot find that file to import on local controller.

 

How to export file on master controller ?, this configuration was pushed from master to local.

Thank you so much

Dear colin,

 

I think this is proplem of us, 

 

When i click view test captive portal site on local controller, it cannot show login page, ( i choose default ).

I think web server on local controller is not running ?, Can you give me some ideas on this case.

 

Thank you so much

Change the profile to something else besides default

Dear Colin,

I have try some profile, default and customize and it is same result, i have imported html file, but it not wokring.

 

can i share my sceen for you, you will help me check more.

 

Thank you so much