08-04-2013 10:57 PM
I have configured Captive Portal in the network but its not letting me browse any web page.
When i got connected to the CP ssid, it assigns me the correct role i.e. "CP_SSID-guest-logon" (where CP_SSID is the ssid for captive portal) that has the preset policies "logon-control and captive" and also takes me to CP page for authentication. After providing the correct user name and password (whose entry is in Internal DB) it waits for 10 sec before redirecting to the requested webpage, which is normal, but after that it either doesn't show me any webpage (blank white page) or again shows me Captive portal page to enter the username and password which was already provided seconds ago.
Now can anyone tell me whats going on?
Interesting thing is that after successful authentication, i can ping any webpage i want but when it comes to browsing the page, aahhh... :(
AOS is 220.127.116.11
Role Policy Src Dst Service Action Dest/Opcode New Hits Total Hits Index
Solved! Go to Solution.
08-05-2013 01:31 AM
08-05-2013 04:02 AM
Check your DNS + gw configuration (under IP>route or under IP>dhcp)
also - can u printout /screenshot the ACL that authenticated users getting after the captive please.
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
08-05-2013 05:20 AM
Thanks cjoseph. I got it to work with your kind support.
I forgot to change the default role which was same as initial role that's why it never got changed :)
Please clearfy 1 more thing before we mark this thread as "solved".
Now i want to NAT the guest traffic hide the network IP scheme and resources, can you please help me achieve that?
I have 3 VLANs on the controller, 1 is default (172.16.0.254), vlan10 is for employee and vlan50 is for uplink (4th port is assigned to vlan50 with client's network parameters and using external DHCP/DNS servers). Clients get the IPs from external server on vlan50 and Captive portal SSID is assigned vlan50, say 192.168.0.x. Now what should i do that the guest users get the IP address like 10.10.10.x. as well as they cannot access/ping the internal FTP or DHCP/DNS servers???
08-05-2013 05:23 AM
If your users are on VLAN50:
interface vlan 50
ip nat inside
If you want to block traffic to internal resources, go into the "authenticated" role and add ACLs that block internal traffic. If your clients are using an internal DNS server, make sure that the ACL to block internal traffic comes after permitting DNS.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base