Hi experts,
I have a problem with the Aruba Central splash page. I have configured a simple splash page with username/password authentication. Last week was working OK, but yesterday and today customer is reporting login problems like this:
I have made some troubleshooting but I don't find the issue. AS1 is in CONNECTED state from the VC, and from other IAPs , but not from all of them, in those in in INIT state (is a cluster of 7 IAPs). I think because all the communication is through the VC, only this IAP should have the AS1 server in connected state.
Anyway, there are error authentication logs in every AP, though differents types.
When I log through an IAP with AS1 in CONNECTED state I have this:
AP_Gerente# show ap debug auth-trace-buf mac 4c:8d:79:ca:44:27
Auth Trace Buffer
-----------------
Feb 26 15:48:44 mac-auth-req -> 4c:8d:79:ca:44:27 bc:9f:e4:b2:f5:f2/AS1_#guest#_ - - 4C:8D:79:CA:44:27
Feb 26 15:48:44 mac-auth-fail <- 4c:8d:79:ca:44:27 bc:9f:e4:b2:f5:f2/AS1_#guest#_ - - failure
Feb 26 15:48:44 station-up * 4c:8d:79:ca:44:27 bc:9f:e4:b2:f5:f2 - - open system
When I log through an IAP with AS1 in INIT state I have this:
AP_Central# show ap debug auth-trace-buf mac 4c:8d:79:ca:44:27
Auth Trace Buffer
-----------------
Feb 26 15:52:21 mac-auth-req -> 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52/AS2_#guest#_ - - 4C:8D:79:CA:44:27
Feb 26 15:52:22 server out-of-service * 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52/AS2_#guest#_ - - server timeout
Feb 26 15:52:22 station-up * 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52 - - open system
Feb 26 15:54:18 mac-auth-req -> 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52/AS2_#guest#_ - - 4C:8D:79:CA:44:27
Feb 26 15:54:19 server out-of-service * 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52/AS2_#guest#_ - - server timeout
Feb 26 15:54:19 station-up * 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52 - - open system
Feb 26 15:54:54 cp-pap-auth-request -> 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52/AS2_#guest#_ - - 24JLKNLFQguGGto3zwN/qw==.XlbbHQ
Feb 26 15:54:54 server out-of-service * 4c:8d:79:ca:44:27 f4:2e:7f:16:b9:52/AS2_#guest#_ - - server timeout
Some APs authenticate through AS1 and some through AS2, I don't know why.
Other weird thing is client is in MAC Auth Role when I check in the VC:
AP_Costos# show clients | in 4C:8D:79:CA:44:27
4C:8D:79:CA:44:27 192.168.190.117 4c:8d:79:ca:44:27 iPhone SPSA_Invitado_Aruba AP_Central 132+ AN MAC Auth fe80::1489:835e:24c3:65d7 22(good) 135(good)
But is the same as the SSID when I check in the AP is associated with:
AP_Gerente# show clients | in 4c:8d:79:ca:44:27
24JLKNLFQguGGto3zwN/qw==.Xlbj8A 192.168.190.117 4c:8d:79:ca:44:27 iPhone SPSA_Invitado_Aruba AP_Gerente 100+ AN SPSA_Invitado_Aruba fe80::1489:835e:24c3:65d7 22(good) 150(good)
Ports TCP 443 and 2083 are open in firewall, and RADIUS proxy is enabled.
Any tip? Attached output logs. Please help.
Regards,
Julián