01-05-2012 05:40 AM
This seems like it should be straightforward; but I'm calling on the experts to help!
I've got a user trying to get onto our captive-portal-protected guest network. He's running into issues verifying the HTTPS page's certificate. I believe it has to do with his client not being able to get to an OCSP address. I'd like to see what's getting blocked by the PEF, but I'm not sure the best way to go about it. I've used the WebUI before, but that's not the greatest method; you have to check it at just the right time to catch the problem in action. Surely there must be a way to get better detail via the CLI... ("There is...and stop calling me Shirley")
So experts, how do you troubleshoot PEF blocks quickly? I have an AirWave that I'm not sure how to use either, if that helps.
01-05-2012 05:43 AM
1. Find out the user's ip address
2. While the user is having the issue, type "show datapath session table <ip address of user>" to see what is being requested
3. Any traffic to port 80 ot 443, do an nslookup to that destination ip address to see what it resolves to, to determine if it is an OCSP issue.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base