Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

not getting captive portal & no internet access

  • 1.  not getting captive portal & no internet access

    Posted May 09, 2013 03:02 PM

    So I got the guest network functioning (or so I thought). I have the internal DHCP server up and assigning IPs as it is supposed to (thanks to the help I got here earlier), but now, although it is connecting to the guest wireless network and getting the right IP and DNS info, I am not being directed to my login portal where it is supposed to be asking for my credentials.

     

    Do I need to have some sort of route or path to make it work?

     

    My internal IP range (also main controller IP) is 172.16.X.X and my guest network is 10.10.20.X.  I have my internal router set as 10.10.20.1 and am using my ISP-provided DNS servers.



  • 2.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:07 PM

     

    Under the VLAN, are you natting? Or under the user-role?

  • 3.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:12 PM

    I just now clicked NAT under the VLAN.  The sad thing is I thought I had it working a little while ago but must have changed something.

     

    Even with NAT checked, I still don't get the captive portal, nor can I get on the net.



  • 4.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:19 PM

     

    Can you share the user-role rights?

    And also share the captive portal layer 3 profile?


  • 5.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:21 PM

    Sorry, I don't know what you mean. Is there a command I can type in to do that?



  • 6.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:23 PM

     

     

    show rights <guest role name>

    show aaa authentication captive-portal <profile name>

    Also, are you using the internal captive portal?



  • 7.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:27 PM

    I am using the internal captive portal but I am not sure which role I am supposed to be using.  Here is what I get.

     

    (HBWireless2) #show rights

    RoleTable
    ---------
    Name               ACL  Bandwidth                  ACL List                  Type
    ----               ---  ---------                  --------                  ----
    Guest Lan-cp_prof  54   Up: No Limit,Dn: No Limit  Guest Lan-cp_prof/        User
    HBGuest2-cp_prof   56   Up: No Limit,Dn: No Limit  HBGuest2-cp_prof/         User
    ap-role            4    Up: No Limit,Dn: No Limit                            System
    aruba-ap-cp_prof   52   Up: No Limit,Dn: No Limit  aruba-ap-cp_prof/         User
    cpbase             14   Up: No Limit,Dn: No Limit  cpbase/                   User
    denyall            12   Up: No Limit,Dn: No Limit  denyall/                  User
    guest              3    Up: No Limit,Dn: No Limit                            User
    guest-logon        6    Up: No Limit,Dn: No Limit                            User
    logon              1    Up: No Limit,Dn: No Limit                            User
    stateful-dot1x     5    Up: No Limit,Dn: No Limit                            System
    sys-ap-role        7    Up: No Limit,Dn: No Limit  sys-control/,sys-ap-acl/  System (not editable)

    Total Roles:11

    (HBWireless2) #show rights HBGuest2_srvgrp-acb28
    Unknown role HBGuest2_srvgrp-acb28

    (HBWireless2) #

    (HBWireless2) #show rights HBGuest2_srvgrp-soh83
    Unknown role HBGuest2_srvgrp-soh83



  • 8.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:37 PM

    Sorry to be such a noob, I am totally new to the Aruba world and probably deleted roles I should not have even touched.



  • 9.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:41 PM

    These are the roles you should be working with :

     

    The guest-logon role uses these policies:
     captiveportal (predefined policy)
     guest-logon-access
     block-internal-access
    The auth-guest role uses these policies:
     guest-logon-access
     block-internal-access
     auth-guest-access

    Make sure you follow all the instructions on this document: 

    http://www.arubanetworks.com/wp-content/uploads/aos_guestacccess-appnote.pdf
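
Added example, not part of the original thread: a Python script that parses the `show rights` role table posted earlier and reports which of the roles named in the reply above are not defined. The sample text is a constructed, re-spaced subset of that output; the two-or-more-spaces column separator and the helper names are assumptions.

```python
import re

# Constructed sample: a subset of the `show rights` rows posted in the thread,
# re-spaced on the assumption that the CLI pads columns with 2+ spaces.
SHOW_RIGHTS = """\
RoleTable
---------
Name               ACL  Bandwidth                  ACL List            Type
----               ---  ---------                  --------            ----
Guest Lan-cp_prof  54   Up: No Limit,Dn: No Limit  Guest Lan-cp_prof/  User
HBGuest2-cp_prof   56   Up: No Limit,Dn: No Limit  HBGuest2-cp_prof/   User
ap-role            4    Up: No Limit,Dn: No Limit                      System
cpbase             14   Up: No Limit,Dn: No Limit  cpbase/             User
guest              3    Up: No Limit,Dn: No Limit                      User
guest-logon        6    Up: No Limit,Dn: No Limit                      User
logon              1    Up: No Limit,Dn: No Limit                      User

Total Roles:7
"""

COLUMNS = ("Name", "ACL", "Bandwidth", "ACL List", "Type")
# Roles the reply above names for the guest captive-portal setup.
REQUIRED_ROLES = ("guest-logon", "auth-guest")


def parse_role_table(text):
    """Map role name -> row dict. Role names may contain a single space."""
    roles, in_body = {}, False
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("----"):
            # The column rule has gaps; the rule under 'RoleTable' does not.
            in_body = " " in line
            continue
        if not in_body or not line or line.startswith("Total Roles"):
            continue
        cells = re.split(r" {2,}", line)
        if len(cells) == 4:  # ACL List is the one column that can be empty
            cells.insert(3, "")
        if len(cells) != len(COLUMNS):
            raise ValueError(f"unparsable role row: {line!r}")
        roles[cells[0]] = dict(zip(COLUMNS, cells))
    return roles


def missing_roles(text, required=REQUIRED_ROLES):
    """Return the required roles absent from the controller's role table."""
    present = parse_role_table(text)
    return [name for name in required if name not in present]
```

Feed it the text captured from the controller session; a non-empty result means a role has to be recreated before the captive portal profile can be attached to it.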

     

     

     

     

     



  • 10.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:43 PM

     

     

    Also, you have to make sure that the controller has a public IP address that you can NAT the guest traffic to.



  • 11.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:46 PM

    Ouch... I definitely do not want the controller having a public IP address... I am getting frustrated because I had it all working about an hour and a half ago and thought I was deleting old roles that were no longer in use.

     

    This is for two internal wireless LANs, 1 for corporate and 1 for guests... I don't understand how I could have screwed it up so badly.  It seems like my guest accounts are just not getting the captive portal, thus they cannot resolve web access.



  • 12.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 03:59 PM

    They usually recommend putting the controller in a DMZ for wireless guest access, or use a layer 2 VLAN that reaches the firewall and then do the natting there.


  • 13.  RE: not getting captive portal & no internet access

    Posted May 09, 2013 05:05 PM

    jb1095,

     

    A couple of things to check/confirm:

     

    - Does the controller have an IP on the guest VLAN?   Captive portal will not work if the controller does not have an IP on that VLAN

    - When connected to the SSID, what role is the user in (look in the clients table or run "show users")

    - Does that role have a Captive Portal profile defined for it?  (run show rights "aboverole")

    - If yes to the above; type http://1.1.1.1 in your client browser (to rule out DNS, NAT, etc...; and see if Captive Portal launches)

    - The gateway for the guest network; is that the controller or somewhere else on the network?