Wireless Access

Reply
New Contributor

Captive Portal cannot showup & 802.1x authentication problem

Hello there,

 

Does anyone experience in WLAN-user reporting that after they associating to the SSID, they can get the IP address correctly, but the captive portal page cannot show up sometimes? As my client configured a Student SSID with captive portal as authentication, using 10 * /22 subnet pool together to provide up to 10000 in therory, I have checked that the con-current web session of that local controller didn't exceed the maximum value, any idea of the root cause on this?

 

Besides, another problem is when a WLAN-user login another SSID using 802.1x as authentication, it's no problem except he moves to another building, the mobile device will prompt to accept another certificate as it moves from local controller A to local controller B, I would like to ask is this a problem of each controller using their own self-sign certificate for 802.1x encryption? What's the common design on this?

 

Here is our deployment, 9 buildings in a campus, (A/B/C/D/E/F/G/M/N), and our vlan design are based on SSID, all AP using tunnel-mode, total 4 * 3600 controller sitting in Block N as datacenter, layer-2 trunk connect to the core switch which connecting to all buildings with L3 connection.

 

Appreciate for you guys help!!!

Guru Elite

Re: Captive Portal cannot showup & 802.1x authentication problem


FrankChang wrote:

Hello there,

 

Does anyone experience in WLAN-user reporting that after they associating to the SSID, they can get the IP address correctly, but the captive portal page cannot show up sometimes? As my client configured a Student SSID with captive portal as authentication, using 10 * /22 subnet pool together to provide up to 10000 in therory, I have checked that the con-current web session of that local controller didn't exceed the maximum value, any idea of the root cause on this?  Make sure that every VLAN on the controller has an ip address.  In addition, enable "Allow Tri-session with DNAT" under Configuration> Advanced Services> Stateful Firewall

 

Besides, another problem is when a WLAN-user login another SSID using 802.1x as authentication, it's no problem except he moves to another building, the mobile device will prompt to accept another certificate as it moves from local controller A to local controller B, I would like to ask is this a problem of each controller using their own self-sign certificate for 802.1x encryption? What's the common design on this?  It is a problem of each controller using its own self-signed certificate. You can solve this problem by putting a certificate on the radius server and disabling Termination on the 802.1x settings on your individual controllers. 

 

Here is our deployment, 9 buildings in a campus, (A/B/C/D/E/F/G/M/N), and our vlan design are based on SSID, all AP using tunnel-mode, total 4 * 3600 controller sitting in Block N as datacenter, layer-2 trunk connect to the core switch which connecting to all buildings with L3 connection.

 

Appreciate for you guys help!!!


 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: