Wireless Access

Reply
Occasional Contributor II
Posts: 14
Registered: ‎03-02-2017

Internet-Only SSID provides internal IP address to DNS lookup when Google is set as DNS Server

[ Edited ]

We've got a bit of an odd issue with DNS at one of our sites.  We use Aruba AP205's with virtual controllers that are managed with Airwave, and we have an internal SSID that provides direct access to our internal network, as well as a second SSID on a separate VLAN that provides users with internet-only access for their personal, non-company devices.

 

On the internal network, our internal DHCP server assigns an IP address and DNS is handled by our internal DNS server.  On the second SSID, the IP address is virtual controller assigned (not NAT'd) and the DNS server for DHCP clients is Google's public DNS server.  There's also an access rule in place for this SSID that restricts access to the internal IP space.

 

The issue is that at one of our sites, users who are using their personal devices on the internet-only SSID can't reach a website with the same DNS name as the internal network.  The website is accessible from the public just fine, and from the internal network just fine.  But when I do a DNS lookup while connected to the internet-only SSID, the IP address of the web server appears as the internal IP address, which of course, is blocked because of the access rule and being on a separate VLAN.

 

All of our sites (physical locations) are set up the same, and this issue is only happening with this one site with the exact same configuration as the rest of our locations (configuration is pushed down centrally to all sites via Airwave, so there's no settings that are different between sites).

 

The only possible thing I can think of is that the IAP Virtual Controller is somehow caching DNS and providing the internal IP address to the web server for that website to clients on the internet-only SSID.  A lookup to Google directly on another machine definitely shows the correct external IP address for that website, so the internal IP result that clients on that SSID are receiving can't be coming from Google, which makes me suspicious of a DNS cache somewhere in the Aruba system.

 

Anyone have any ideas?  Thanks in advance!

Search Airheads
Showing results for 
Search instead for 
Did you mean: