Wireless Access

Reply
Frequent Contributor I
Posts: 97
Registered: ‎01-27-2015

Guest can access network without captive portal

Hi, everyone

 

I configure 3 VLANs on controller

VLAN21 10.10.1.1

VLAN22 10.10.2.1

VLAN23 10.10.3.1

 

After guest associated Guest SSID, Guest receive and IP address 10.10.3.x but they can connect SSID without captive portal. And I use command ping "securelogin.arubanetworks.com" on guest device. Result is request time out. Must i need additionally configure

 

Thanks

Frequent Contributor I
Posts: 89
Registered: ‎10-27-2013

Re: Guest can access network without captive portal

Hi

I am also self still learning alot of things, but I would suggest checking what the controller VLAN is set to. As far as I understand the portal will run from that IP - so your securelogin.arubanetworks should resolve to this IP.

#show running-config | include controller-ip                     

The IP assigned to the assosciated VLAN is the one you are looking for.

 

To test try to connect to the Guest SSID and browse to the IP - if Captive Portal doesn't open check the Portal setup. 

If the Portal Opens on IP, then it is possibly a DNS issue.

 

Just my 2 Cents - but I believe some of the smarter folks in the community can give a better answer.

 

Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Guest can access network without captive portal

Did this ever work?  What was changed?   It is hard to say what is wrong from the limited information in your post.

 

You should go to Configuration> Wizards> Campus WLAN and if possible delete and re-recreate your guest WLAN. 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 97
Registered: ‎01-27-2015

Re: Guest can access network without captive portal

I try this command on guest client "nslookup securelogin.arubanetworks.com"

The result is

 

DNS request time-out

Non-authoritation answer

name : securelogin.arubanetworks.com

Address : 10.10.90.X

 

and then I  use ping command "ping securelogin.arubanetworks.com"

It's success 100%

 

I want to know. My DNS, Is there any problem? 

Frequent Contributor I
Posts: 89
Registered: ‎10-27-2013

Re: Guest can access network without captive portal

If the IP reported when you ping and nslookup is indead that of your controller on its vlan then the DNS is mostlikely working correct. if the IP is incorrect then correct the IP and controller VLAN.

What happens if you mannually browse to the reported IP does the Captive Portal Open?

Frequent Contributor I
Posts: 97
Registered: ‎01-27-2015

Re: Guest can access network without captive portal

Yes! if i enter ip reported or any ip, traffic will redirect to self register page.

Aruba Employee
Posts: 196
Registered: ‎03-26-2013

Re: Guest can access network without captive portal

Hi,

 

We should first check if the vlan used for the CP network is routable.

 

For that, please try the following steps:

 

1. Connect the client to the guest network.

2. Run the following command to put the client in to authenticated role.

 

Aruba# aaa user add <ip-address of client> role authenticated

 

The role authenticated has a allow-all ACL inside it. So, the client device should be able to browse out to internet .

 

If the client device is unable to browse to internet , then there is an issue with the DNS or routability of the vlan which needs to be corrected which is in turn causing the CP page not to show up automatically.

 

Along with that, please paste the output for the ACL's mapped to the actual  role that gets assigned to the client

when it initially connected to the guest network.

 

Aruba# show rights <name of role>

Search Airheads
Showing results for 
Search instead for 
Did you mean: