Mobility controller 7210 version 8.7.1.1-FIPS_78246
AP 303
Aruba core switch 3810M; routing is done here (gateway for all VLANs)
Aruba 2540 access switches
2 domain controllers (Windows Server 2016) on VLAN 3
1 DHCP server on VLAN 3
VLAN 20 mm&APs 192.168.20.0/24 Mobility controller IP add 192.168.20.253
VLAN 24 M IP add 192.168.24.0/24 >>> SSID M >>>> captive portal with LDAP
VLAN 32 G IP add 192.168.32.0/21 >>>> SSID G >>>> captive portal with LDAP
VLAN 40 T IP add 192.168.40.0/21 >>>> SSID T >>>> captive portal with LDAP
VLAN 48 S IP add 192.168.48.0/21 >>>> SSID S >>>> captive portal with LDAP
The first problem is DHCP issues: if a user connects to SSID M, they obtain an IP address from VLAN 24; if the same user connects to SSID G, they still obtain an IP from VLAN 24, when they are supposed to get an IP from VLAN 32.
TSHOOT Steps
- If the user is connected to a port untagged in VLAN 24, they obtain an IP address from VLAN 24; if the same user is connected to a port untagged in VLAN 32, they obtain an IP from VLAN 32,
so the problem is in the wireless network, not in the core switch or the DHCP server.
- I tried SSID A with PSK and an assigned VLAN, and got the same result.
- Note: the IP helper address is configured under all VLANs on the core switch, like this:
vlan 24
ip helper-address 192.168.3.80 255.255.255.0
The second problem is captive portal issues (note: I do not have a PEFNG license).
- The captive portal does not appear for all users (laptops, mobile devices).
TSHOOT Steps
- I deleted all SSIDs (M, G, T) except SSID S, and the captive portal still did not appear. I tried adding interface VLAN 48 on the Mobility controller (192.168.48.253/21) and executed the command ip cp-redirect-address 192.168.48.253; then the captive portal opened and authentication completed successfully.
- When I added the SSIDs again, the captive portal did not appear. I tried adding interface VLAN 48 (added before), interface VLAN 24, interface VLAN 32 and interface VLAN 40 on the Mobility controller and executed the command ip cp-redirect-address <interface VLAN IP>; each new command removes the previous one, so only the last command remains in show running, and the captive portal still does not appear on all SSIDs.
Sample configuration on the Mobility controller:
interface gigabitethernet 0/0/2
trusted
trusted vlan 1-4094
no poe
switchport mode trunk
switchport trunk native vlan 20
!
vlan 20 description "AP&WC"
vlan 24 description "M"
vlan 32 description "G"
vlan 40 description "T"
vlan 48 description "S"
!
aaa authentication-server ldap "DC01-LDAP"
host 192.168.3.5
admin-dn "CN=aruba.auth,OU=SS,OU=All_Users_computer,DC=www,DC=local"
admin-passwd P@ssw@rd
allow-cleartext
base-dn "OU=All_Users_computer,DC=www,DC=local"
preferred-conn-type clear-text
!
aaa authentication-server ldap "DC02-LDAP"
host 192.168.3.6
admin-dn "CN=aruba.auth,OU=SS,OU=All_Users_computer,DC=www,DC=local"
admin-passwd P@ssw@rd
allow-cleartext
base-dn "OU=All_Users_computer,DC=www,DC=local"
preferred-conn-type clear-text
!
aaa server-group "Ldap-Servers"
allow-fail-through
load-balance
auth-server DC01-LDAP position 1
auth-server DC02-LDAP position 2
!
aaa authentication captive-portal "Captive Portal"
server-group "Ldap-Servers"
guest-logon
protocol-http
!
aaa profile "AAA CP"
initial-role "Captive Portal"
!
wlan virtual-ap "G"
vlan 32
ssid-profile "G"
aaa-profile "AAA CP"
!
wlan virtual-ap "M"
vlan 24
ssid-profile "M"
aaa-profile "AAA CP"
!
wlan virtual-ap "S"
vlan 48
ssid-profile "S"
aaa-profile "AAA CP"
!
wlan virtual-ap "T"
vlan 40
ssid-profile "T"
aaa-profile "AAA CP"
!
ap-group "CP"
virtual-ap "G"
virtual-ap "M"
virtual-ap "T"
virtual-ap "S"
------------------------------
Mahmoud Magdy
------------------------------
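
The configuration posted above sets allow-cleartext and preferred-conn-type clear-text on both LDAP servers and protocol-http on the captive portal profile. As an added example (not part of the original post and not Aruba's own tooling), this Python check parses the "!"-delimited stanzas and reports which profiles carry credentials without transport encryption; the sample input is constructed from the post with the bind password replaced by a placeholder.

```python
import shlex

# Constructed sample: trimmed from the stanzas in the post above;
# the bind password is replaced by a placeholder.
SAMPLE = """\
aaa authentication-server ldap "DC01-LDAP"
host 192.168.3.5
admin-passwd <redacted>
allow-cleartext
preferred-conn-type clear-text
!
aaa server-group "Ldap-Servers"
auth-server DC01-LDAP position 1
!
aaa authentication captive-portal "Captive Portal"
server-group "Ldap-Servers"
protocol-http
!
"""

def stanzas(text):
    """Return {kind: {name: [token lists]}} for each '!'-delimited stanza."""
    out, block = {}, []
    for line in text.splitlines() + ["!"]:
        if line.strip() == "!":
            if block:
                *kind, name = block[0]  # last header token is the profile name
                out.setdefault(" ".join(kind), {})[name] = block[1:]
            block = []
        elif line.strip():
            block.append(shlex.split(line))
    return out

def audit(text):
    """Return (profile, issue) pairs for settings that expose credentials."""
    cfg, findings = stanzas(text), []
    ldap = cfg.get("aaa authentication-server ldap", {})
    clear = {n for n, b in ldap.items()
             if ["allow-cleartext"] in b or ["preferred-conn-type", "clear-text"] in b}
    findings += [(n, "LDAP bind not protected by TLS") for n in sorted(clear)]
    groups = cfg.get("aaa server-group", {})
    for name, body in cfg.get("aaa authentication captive-portal", {}).items():
        if ["protocol-http"] in body:
            findings.append((name, "login page served over HTTP"))
        for tok in body:
            if tok[0] == "server-group":
                # Resolve the server group to its member auth servers.
                used = {t[1] for t in groups.get(tok[1], []) if t[0] == "auth-server"}
                if used & clear:
                    findings.append((name, "portal logins forwarded to clear-text LDAP"))
    return findings
```
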