Wireless Access

Reply

PEF license needed for captive portal

Hi gurus,

 

I have a customer who was using temporary PEF licenses, but they are going to expire. He doesn't want to purchase again these licenses, and according to my Aruba SE, if he only uses the built-in roles in the controller, he can be fine with these licenses. In order to do so, he is only using the "authenticated" role for the employee SSID and for the guest "SSID" he is going to change his old "ldsguestls-cp_prof_new" role for the built-in "guest-logon" role. After doing this, captive portal kept working, and then we removed the PEF license. After the removal, we reboot an AP to test, but the AP came up with flags "IL" (inactive, unlicensed). So it seems we still need the licenses. Although right now we are using only built-in roles, we didn't delete the roles my customer created when he had PEF licenses, as showed below:

image002_2.png

Do we need to delete these roles from the User Roles tab?

 

Regards,

Julián

 

 

Guru Elite

Re: PEF license needed for captive portal

Deleting or letting the PEF license expire leads to unpredictable results, because it is not done often.

 

With that being said, you should type "show keys" on the controller to see what licenses the user has.  There could be other temporary licenses that expired and now the user does not have enough licenses for his access points.

 

Just having roles configured will not trigger a user's access points to be unlicensed.  It is quite possible that the customer STILL has some PEF licenses and now that is limiting how many access points can come up.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
MVP

Re: PEF license needed for captive portal

Pretty sure you'll need to reboot the controller(s), not just the APs to make this work.

Now the controller has loaded config that they do not support. On reboot it should actualy remove the 'non-supported' user-roles and such.

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.

Re: PEF license needed for captive portal

Hi guys, thanks for your interest.

 

@Colin,

 

These are the licenses customer has:image001.pngThe second to last PEF license is the license customer had, it expired some time ago and then customer started with the problems because he was using non-built-in roles. Then the Aruba regional team issued a temporary PEF license (the last in the list). When we made the configuration for using only built-in roles, we removed the last license to check if we really still needed it or not, and when rebooting an AP it came up with IL flags.

 

@Koen,

 

Do you mean to reboot both master and local controllers? Do you mean after rebooting the 'non-supported' user-roles will be removed from the User Roles tab automatically? I am afraid after rebooting both controllers all the APs appear as IL...

 

Regards,

Julián

MVP

Re: PEF license needed for captive portal

I did mean rebooting both controllers yes but looking at your screenshot you again have a PEF eval license active so rebooting won't change anything for you at this time.

Are you still having the IL flag issues with this EVAL license?

 

You currently should be able to terminarte 20 APs. How many are you effectively using?  Your usage says 19, but the standby usage says 22?

 

How many APs have the IL flags? Do you have centralized licensing active so both controllers can use all licenses? 

Can you show us a "show ap database long"?

Does the system logs give any usefull clue?

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Regular Contributor II

Re: PEF license needed for captive portal

Hi,

 

Without PEF licenses there is NO firewall if i am correct. So mixing a corporate and guest SSID might not be the best option.

 

 

Cheers, Frank
Aruba Partner Ambassador| AMFX#22| ACCX#613| ACMX#733| ACDX#744

If you like my posts, kudo's are welcome. If it solves your problem, please click 'Accept as Solution'
Highlighted

Re: PEF license needed for captive portal

Is this for the controller internal captive portal or external ?

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: PEF license needed for captive portal

Yes, it makes sense but my customer is using only default roles for both the corporate and guest SSIDs, so PEF licenses wouldn't be needed.

Regards,
Julián

Re: PEF license needed for captive portal

Hi Victor,

It is the internal controller captive portal.

Regards,
Julián

Re: PEF license needed for captive portal


@koen wrote:

I did mean rebooting both controllers yes but looking at your screenshot you again have a PEF eval license active so rebooting won't change anything for you at this time.

Are you still having the IL flag issues with this EVAL license?

 

You currently should be able to terminarte 20 APs. How many are you effectively using?  Your usage says 19, but the standby usage says 22?

 

How many APs have the IL flags? Do you have centralized licensing active so both controllers can use all licenses? 

Can you show us a "show ap database long"?

Does the system logs give any usefull clue?

 


Hi Koen,

 

Sorry for the late reply, I was busy and forgot it. Yes, I have a PEF eval license, and I didn't have the IL flags issues with these license. As I said:

 

After doing this, captive portal kept working, and then we removed the PEF license. After the removal, we reboot an AP to test, but the AP came up with flags "IL" (inactive, unlicensed).

 

After making the configuration for using only default roles, I removed the PEF eval license to check if I still needed it, and then the IL flags appeared. I am managing around 42 or 43 APs, I don't remember exactly, but the thing is half of them are pointing to the local controller, and the other half are pointing to the master controller (where I took the image, and because that they appear as standby).

After removing the PEF eval license, all the APs I reboot come up with IL flags. And yes, centralized licensing is enabled.

I am not at customer side these days so I can't run the commands to answer your two last questions.

 

Regards,

Julián

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: