Wireless Access

last person joined: 8 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Users not able to access internet

This thread has been viewed 8 times

  • 1.  Users not able to access internet

    Posted May 30, 2017 07:30 PM

    Hello, 

     

    I'm new to Aruba.  We have multiple SSID's and users are not able to access the internet via one SSID.  I asked the local contact to try to log into WiFi and he was successfully able to authenticate.  However, he got an error message stating there is limited availability and he received an error message stating that the certificate has expired.  I tried accessing the GUI and I too received an error message stating that the certificate has been revoked.  I have 3 licenses on the Aruba 650 and they never expire.  Is there a way to udate the current certificate or is there another certificate that I should be using?

     

    (ottedwifi01) #show license

    License Table
    -------------
    Key Installed Expires Flags Service Type
    --- --------- ------- ----- ------------
     2010-03-08 Never E Power Over Ethernet
    06:53:02
     2012-04-30 Never E Next Generation Policy Enforcement Firewall Module: 8
    13:43:39
     2012-04-30 Never E Next Generation Policy Enforcement Firewall Module: 1
    13:43:39

    License Entries: 3

    Flags: A - auto-generated; E - enabled; R - reboot required to activate

    (ottedwifi01) #
    (ottedwifi01) #
    (ottedwifi01) #
    (ottedwifi01) #
    (ottedwifi01) #show license verbose

    License Table
    -------------
    Key Installed Expires Flags Service Type
    --- --------- ------- ----- ------------
    2010-03-08 Never E Power Over Ethernet
    06:53:02
     2012-04-30 Never E Next Generation Policy Enforcement Firewall Module: 8
    13:43:39
     2012-04-30 Never E Next Generation Policy Enforcement Firewall Module: 1
    13:43:39

    License Entries: 3

    Flags: A - auto-generated; E - enabled; R - reboot required to activate

    (ottedwifi01) #
    (ottedwifi01) #
    (ottedwifi01) #
    (ottedwifi01) #
    (ottedwifi01) #show ap active

    Active AP Table
    ---------------
    Name Group IP Address 11g Clients 11g Ch/EIRP/MaxEIRP 11a Clients 11a Ch/EIRP/MaxEIRP AP Type Flags Uptime Outer IP
    ---- ----- ---------- ----------- ------------------- ----------- ------------------- ------- ----- ------ --------
    default 192.168.26.193 1 AP:HT:6/22/22.5 1 AP:HT:149+/23/23 105 a 496d:7h:36m:32s N/A
     default 192.168.26.195 0 AP:HT:11/9/22 0 AP:HT:48-/22/22 105 a 496d:7h:36m:36s N/A
     default 192.168.26.197 0 AP:HT:1/22/22 0 AP:HT:44+/22/22 105 a 496d:7h:37m:2s N/A
     default 192.168.26.198 0 AP:HT:11/18/22 0 AP:HT:161-/24/24 105 a 496d:7h:36m:7s N/A
     default 192.168.26.199 0 AP:HT:11/21/22 0 AP:HT:36+/22/22 105 a 496d:7h:36m:36s N/A

    Flags: 1 = 802.1x authenticated AP; 2 = Using IKE version 2;
    A = Enet1 in active/standby mode; B = Battery Boost On; C = Cellular;
    D = Disconn. Extra Calls On; E = Wired AP enabled; F = AP failed 802.1x authentication;
    H = Hotspot Enabled; K = 802.11K Enabled; L = Client Balancing Enabled; M = Mesh;
    N = 802.11b protection disabled; P = PPPOE; R = Remote AP;
    S = AP connected as standby; X = Maintenance Mode;
    a = Reduce ARP packets in the air; d = Drop Mcast/Bcast On; u = Custom-Cert RAP;
    r = 802.11r Enabled

    Channel followed by "*" indicates channel selected due to unsupported configured channel.
    "Spectrum" followed by "^" indicates Local Spectrum Override in effect.

    Num APs:5

    (ottedwifi01) #



  • 2.  RE: Users not able to access internet

    EMPLOYEE
    Posted May 30, 2017 07:50 PM

    Where did the end user see the message?  Is the user using an encrypted SSID?



  • 3.  RE: Users not able to access internet

    Posted May 30, 2017 08:41 PM

    Colin,

     

    Thank you for your help.  The user saw the credential message when attempting to launch multiple web browsers.  When I attempted to launch the GUI in my web browser, i saw the message as well.  It stated that the certificate was revoked.  

     

    As far as encryption...I'm not sure if it's encrypted.  Can you let me know that command and I'll let you know?

     

    Thank you,

     

    awilk11



  • 4.  RE: Users not able to access internet

    EMPLOYEE
    Posted May 30, 2017 08:51 PM

    Do users login via captive portal?  If yes, what version of ArubaOS is this?  You probably have to upgrade ArubaOS to obtain the new built-in certificate on ArubaOS.  Please see info on this here:  https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Controllers/ta-p/275809



  • 5.  RE: Users not able to access internet

    Posted May 31, 2017 08:35 AM

    Users are loggin via a captive portal and we are using ArubaOS Version 6.3.1.6.  I'll look into your recommendation.  

     

    I'm able to access the WebUI.  I have two computers at my desk and the second computer allowed me to access it.  Configuration>Management>General>WebUI Management Auth Method>Server Certificate = Default.

     Configuration>Management>General>Captive Portal Certificate>Server Certificate = Captive Cert

     

     

    Are my licenses default?  If they are default, would replacing them with a certificate issued by a CA resolve the issue?

     

    2010-03-08 - Never - E - Power Over Ethernet

     

    2012-04-30 - Never - E - Next Generation Policy Enforcement Firewall Module: 8
    13:43:39

     

    2012-04-30 - Never - E - Next Generation Policy Enforcement Firewall Module: 1
    13:43:39

     



  • 6.  RE: Users not able to access internet
    Best Answer

    EMPLOYEE
    Posted May 31, 2017 09:42 AM

    Your problem is not related to licensing.  It is related to the captive portal certificate which is different from licensing.