Wireless Access

Reply
gem
Contributor I

Captive Portal with two controllers in HA Dual mode

Hello,

 

I am having some difficulties with configuring Captive Portal on my controllers.

Currently on the same vlan I have four controllers, which are configured in pairs on HA groups and in Dual mode.

Controller A-1 (Dual) (master controller) <=> Controller B-1 (Dual)

Controller A-2 (Dual) <=> Controller B-(Dual)

 

I have configured the captive portal everywhere, with L3 IP on the cp vlan etc.

When a client tries to connect, all controllers are trying to intercept the traffic and present the CP page.

 

Any ideas how I can work around this?

Guru Elite

Re: Captive Portal with two controllers in HA Dual mode

That should not happen.

 

- User traffic should only be passing through the controller that the access point is terminated on.  The standby controller for that AP does not see any user traffic from that AP.

 

- How can you tell it is being intercepted by all controllers?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

gem
Contributor I

Re: Captive Portal with two controllers in HA Dual mode

When connecting to an AP linked to controller B-1, I tried to login on the captive portal and after pressing connect, the page refreshed and I got redirectied to A-1-url/upload/custom/default/index.html

 

In general, should the configuration be identical on all controllers, with only difference being the L3 IP?

Captive Portal custom webpage, again identical and uploaded to all controllers?

Guru Elite

Re: Captive Portal with two controllers in HA Dual mode

Did you configure the ip-cp-redirect option on any of the controllers?

Did you change the built-in https certificate on any of the controllers?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

gem
Contributor I

Re: Captive Portal with two controllers in HA Dual mode

ip cp redirect is not configured

 

I have added valid certificates from quovadis, each one created with CN to be the specific fqdn of each controller.

 

Two sidenotes that would be nice to look at as well if possible...

1) The certificate appears valid if I use it for the webgui, but invalid on the Captive Portal (NET::ERR_CERT_AUTHORITY_INVALID), tried OCSR rules etc with no luck, but still investigating. 

2) Can we have a different url on the login page than the actual controller url e.g. guest.mycompany.com which would be the same for all controllers? Would the controller need to reply to a DNS query for that url and would that need a special config, or is it part of the generic CaptivePortal operation, where it is intercepting all DNS queries anyway?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: