Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Pre-shared Key SSID now working

This thread has been viewed 0 times

  • 1.  Pre-shared Key SSID now working

    Posted May 26, 2018 05:23 AM

    Hi,

      For the guest access I have preshared key SSID on VLAN 70. I configured the controller as a DHCP server. Everything worked for about 3 months but today the SSID stoped working. No one are able to get to the internet. I just want some command to troubleshoot this issue, something to start up with. 



  • 2.  RE: Pre-shared Key SSID now working

    EMPLOYEE
    Posted May 26, 2018 05:48 AM

    Is this an instant AP cluster or a hardware Aruba Controller?



  • 3.  RE: Pre-shared Key SSID now working

    Posted May 26, 2018 09:42 PM

    This is controller base cluster. 



  • 4.  RE: Pre-shared Key SSID now working

    MVP EXPERT
    Posted May 27, 2018 02:58 AM

    Has anything changed in your environment recently (#show audit-trail)? Have you completed any basic steps yet so far?

     

    - Are your clients getting an IP address? What is doing DHCP for VLAN 70 (#show ip dhcp database), has this been checked?

    - Is VLAN 70 still allowed on the relevant switch ports? (#show vlan status /#show port status)

    - Within your AAA Profile (#show aaa profile XXXX), it will show the User Role which your clients are assigned, does this permit the access you require?

    - Is the relevant routing in place to the gateway?

    - If this is a cluster, are the VRRP's (#show vrrp) correct (e.g Master/Backup)

    - What version of AOS are you running (#show version)?

     

    If you could provide a bit little overview of your network this would be a good help.



  • 5.  RE: Pre-shared Key SSID now working

    Posted May 27, 2018 03:56 AM

    Hi,

     To answer you questions: 

    1- Nothing changed in my environment 

    2- End user getting DHCP IP and the role is Guest-logon they are not getting to post authientication role which is guest

    3- For Vlan 70 I am doing IP Nat inside to nat the traffic to the management VLAN 

    4- My feeling is that there is something went wrong with the aaa profile. 



  • 6.  RE: Pre-shared Key SSID now working

    MVP EXPERT
    Posted May 27, 2018 04:03 AM

    Your clients will have already been authenticated in the first instance with your Guest-logon role which is defined as your Initial Role when using PSK. Does this contain a Captive Portal which then assigns the Guest role upon successful authentication. If you using a Captive Portal with Guest-logon, ensure that the clients are assigned a valid and working DNS. If the controller does not see a DNS response, it will not intercept and load the Captive Portal.

     

    Feel free to post the output of your User Roles and AAA Profile.