I demoted a 7240 from master to local and now clearpass captive portal clients that terminate on this controller can't get internet access. The other 3 local controller works just fine.
When opening a browser, even after self registration, the client is always redirected back to the same login/registration page.
Here's the datapath session:
NOTE: I relabeled the IPs so it is clear which one they are.
(local-aruba-wc1) #show datapath session table 10.client-IP
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
r - Route Nexthop
A - Application Firewall Inspect
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes Flags
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- ---------------
134.local-DNS-IP 10.client-IP 17 53 31365 0/0 0 0 0 tunnel 2961 5 1 216 FI
134.local-controller-IP 10.client-IP 6 8081 36016 0/0 0 0 0 tunnel 2961 5 9 6702 FSI
10.client-IP 54.230.87.216 6 36016 443 1/15787 0 0 0 tunnel 2961 5 10 860 FNCI
54.230.87.216 10.client-IP 6 443 36018 0/0 0 0 0 local 5 9 6702 F
10.client-IP 54.230.87.216 6 36017 443 1/15787 0 0 0 tunnel 2961 5 10 860 FNCI
10.client-IP 54.230.87.216 6 36018 443 1/15787 0 0 0 tunnel 2961 5 11 912 FNCI
54.230.87.237 10.client-IP 6 443 34369 0/0 0 0 0 local 5 9 6718 F
134.local-controller-IP 10.client-IP 6 8081 34370 0/0 0 0 0 tunnel 2961 5 9 6718 FSI
134.local-controller-IP 10.client-IP 6 8081 34372 0/0 0 0 0 tunnel 2961 5 9 6718 FSI
134.local-controller-IP 10.client-IP 6 8081 39378 0/0 0 0 0 tunnel 2961 5 9 6702 FSI
134.local-controller-IP 10.client-IP 6 8081 39380 0/0 0 0 0 tunnel 2961 5 9 6702 FSI
10.client-IP 134.local-DNS-IP 17 18452 53 0/0 0 0 1 tunnel 2961 e 1 58 FCI
134.local-DNS-IP 10.client-IP 17 53 23931 0/0 0 0 0 tunnel 2961 5 1 355 FI
10.client-IP 134.local-DNS-IP 17 26262 53 0/0 0 0 1 tunnel 2961 b 1 62 FCI
134.local-DNS-IP 10.client-IP 17 53 26262 0/0 0 0 1 tunnel 2961 b 1 119 FI
10.client-IP 134.local-DNS-IP 17 12032 53 0/0 0 0 1 tunnel 2961 e 1 66 FCI
10.client-IP 134.local-controller-IP 6 50592 8081 0/0 0 0 1 local f 0 0 FY
134.local-DNS-IP 10.client-IP 17 53 13345 0/0 0 0 1 tunnel 2961 e 1 120 FI
134.local-DNS-IP 10.client-IP 17 53 2021 0/0 0 0 1 tunnel 2961 e 1 133 FI
54.192.87.254 10.client-IP 6 443 35104 0/0 0 0 0 local 5 10 6754 F
10.client-IP 134.local-DNS-IP 17 13345 53 0/0 0 0 1 tunnel 2961 e 1 62 FCI
134.local-controller-IP 10.client-IP 6 8081 35103 0/0 0 0 0 tunnel 2961 5 9 6702 FSI
10.client-IP 134.local-controller-IP 6 35685 8081 0/0 0 0 0 local 5 0 0 FY
10.client-IP 134.local-controller-IP 6 36017 8081 0/0 0 0 0 local 5 0 0 FY
104.16.27.235 10.client-IP 6 443 35685 0/0 0 0 0 local 5 9 6702 F
54.192.87.254 10.client-IP 6 443 35105 0/0 0 0 0 local 5 10 6754 F
10.client-IP 134.local-controller-IP 6 36016 8081 0/0 0 0 0 local 5 0 0 FY
10.client-IP 134.local-controller-IP 6 36018 8081 0/0 0 0 0 local 5 0 0 FY
134.local-controller-IP 10.client-IP 6 8081 39379 0/0 0 0 0 tunnel 2961 5 9 6702 FSI
72.21.207.136 10.client-IP 6 443 39377 0/0 0 0 0 local 5 9 6702 F
10.client-IP 134.local-DNS-IP 17 13182 53 0/0 0 0 0 tunnel 2961 5 1 64 FCI
134.local-DNS-IP 10.client-IP 17 53 25780 0/0 0 0 1 tunnel 2961 e 1 124 FI
134.local-DNS-IP 10.client-IP 17 53 26025 0/0 0 0 1 tunnel 2961 5 1 455 FI
134.local-controller-IP 10.client-IP 6 8081 34371 0/0 0 0 0 tunnel 2961 5 9 6718 FSI
52.24.144.52 10.client-IP 6 443 60702 0/0 0 0 0 0/0/5 5 0 0 FDC
10.client-IP 104.16.27.235 6 35685 443 1/15787 0 0 1 tunnel 2961 5 10 1171 FNCI
10.client-IP 134.local-DNS-IP 17 31365 53 0/0 0 0 1 tunnel 2961 5 1 67 FCI
10.client-IP 134.local-DNS-IP 17 21527 53 0/0 0 0 1 tunnel 2961 5 1 59 FCI
134.local-controller-IP 10.client-IP 6 8081 35106 0/0 0 0 1 tunnel 2961 5 9 6702 FSI
134.local-DNS-IP 10.client-IP 17 53 18452 0/0 0 0 1 tunnel 2961 e 1 133 FI
192.243.232.36 10.client-IP 6 443 49650 0/0 0 0 0 0/0/5 3 4 372 FDC
72.21.91.97 10.client-IP 6 443 45029 0/0 0 0 0 0/0/5 8 0 0 FDC
192.243.232.58 10.client-IP 6 443 38166 0/0 0 0 0 0/0/5 3 4 372 FDC
192.243.232.58 10.client-IP 6 443 38170 0/0 0 0 0 0/0/5 3 4 372 FDC
192.243.232.58 10.client-IP 6 443 38167 0/0 0 0 0 0/0/5 3 4 372 FDC
10.client-IP 173.194.203.188 6 34656 5228 0/0 0 0 0 tunnel 2961 2 1 60 FDYC
192.243.232.36 10.client-IP 6 443 49651 0/0 0 0 0 0/0/5 3 4 372 FDC
(local-aruba-wc1) #
Thanks.