Wireless Access

Reply
Regular Contributor I

captiveportal via split-tunnel from Enet1 port on RAP

Hi, 

 

Is it possible to configure captive-portal by split-tunnel from Enet1 port on a Remote-AP. 

 

Regards,

 

Yoge

Guru Elite

Re: captiveportal via split-tunnel from Enet1 port on RAP

Yes.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: captiveportal via split-tunnel from Enet1 port on RAP

Thank you CJ.

 

I am trying this to setup refering to the KB article 825 and will be using Enet1 of AP125 or AP93H.

 

I will be making the Enet1 port as access vlan 21

 

I have a doubt in it. The vlan21 interface created on the controller. 

vlan 21      

interface vlan 21                                 
        ip address 192.168.199.1 255.255.255.0    
   
what would be the subnet for the user connected in enet1 ? will it be 192.168.199.0/24 ? 
what should be the gateway for him? 
 

 

Guru Elite

Re: captiveportal via split-tunnel from Enet1 port on RAP


yogendrankp wrote:

Thank you CJ.

 

I am trying this to setup refering to the KB article 825 and will be using Enet1 of AP125 or AP93H.

 

I will be making the Enet1 port as access vlan 21

 

I have a doubt in it. The vlan21 interface created on the controller. 

vlan 21      

interface vlan 21                                 
        ip address 192.168.199.1 255.255.255.0    
   
what would be the subnet for the user connected in enet1 ? will it be 192.168.199.0/24 ? 
what should be the gateway for him? 
 

 


Yes, that will be the subnet.  His gateway would be whatever the DHCP server assigns to him.

 

The subnet a user is assigned is primarily so that it has an ip address where it can reach the controller and bring up the Captive Portal Page.  The firewall policies for the guest role after successful authentication are normally something like "any any any route src-nat" which will source-nat all traffic out of the ip address of the RAP it is connected to.  So in other words, the default gateway does not really matter.

 

 

The rules for split tunnel captive portal say that certain traffic will be redirected (route src-nat) out the enet port of the RAP and NOT the default gateway.. http://community.arubanetworks.com/aruba/attachments/aruba/108/205/1/split-tunnel-captive-portal-pdf.pdf

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor I

Re: captiveportal via split-tunnel from Enet1 port on RAP

Thank you CJ 

 

made it to work. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: