Wireless Access

Hi
We are using controller 3600 and rap2wg in the remote site...we have configured split tunnel for the ssid so that guest users can have captive portal authentication.

With regards to the above setup please clarify the below queries

1. Do we need to create a vlan and dhcp on the controller for the users to fall into?
2. If we have to create a dhcp for the vlan what should be the gateway? If we assign the private IP address from the dhcp will the user be able to reach the internet via DSL ?
#3600

---

@nallan wrote:
Hi
We are using controller 3600 and rap2wg in the remote site...we have configured split tunnel for the ssid so that guest users can have captive portal authentication.

With regards to the above setup please clarify the below queries

1. Do we need to create a vlan and dhcp on the controller for the users to fall into?
2. If we have to create a dhcp for the vlan what should be the gateway? If we assign the private IP address from the dhcp will the user be able to reach the internet via DSL ?

---

1.  Yes.  This is necessary so that guest clients can bring up the guest page on the controller to authenticate initially.

2.  Yes, and that DHCP is supplied by the access point itself.  In the AP system profile there is a dhcp server that the access point will serve up.  The AP will then source-nat all traffic that is destined to the internet using the Guest ACL that is applied after authentication

 

For details on how to set it up please see here:  https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-825