01-16-2014 08:31 PM
Hi Airheads Community!
I hope you can help me with this one.
I have a network with Master/Local configuration of remote AP105s using split-tunnel and external captive portal/radius (not clearpass). Captive portal traffic pre-auth is tunneled back to the datacenter where the 3600s are hosted (from what I understand this is how it had to be set up), and post-authentication traffic is split locally to the broadband circuit.
The environment was running smoothly but we opted to give 188.8.131.52 a try and upgraded from 184.108.40.206. When upgrading all went well and all APs came online. A quick test of a lab AP confirmed that captive portal and browsing was successful. In the morning though we began getting reports that guests were having trouble getting the captive portal and were often getting a blank white screen instead of being re-directed to the captive portal.
Does anyone have any ideas as to why this could be? Unfortunately due to the mass issues we had to do an emergency downgrade back to the 220.127.116.11 partition, but I will try to provide any further details if someone has a question for me to chase down.
01-16-2014 08:33 PM
While troubleshooting I found a few tidbits that lead me into further questions about how L3 Auth should properly be configured on controllers.
1) Do any settings here stand out as incorrect or not best practice?http://screencast.com/t/tLFnjAFh
2) What is the difference between the "welcome page" and "redirect url" ? How does the checkbox affect the user experience? http://screencast.com/t/WBSsGtkR
3) What are the correct and recommended values here? Do these values affect my guest traffic that is being tunneled back and slow the captive portal traffic? (Values shown were me testing, but not having any better results) [picture from Advanced Services>Stateful Firewall>Global Setting.]http://screencast.com/t/fmbeQivx
Thanks for the help!
01-23-2014 06:46 AM
Please open a support case in parallel. Without the logs.tar it would be painful to try to figure out exactly what happened. We do not have your topology and split-tunnel captive portal is more complicated to troubleshoot than regular captive portal.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base