I would like to configure guest access, using the ArubaOS, with some tcp/udp ports and bandwidth restrictions, however, I do not want to use a captive portal. So when a guest users connects to the guest ssid, and when they launch their web browser, I want them to go to their home page and not be redirected to a captive portal web page. I thought I had it configured correctly, but when I launch my browser, I'm being redirected to securelogin.arubanetworks.com and I get the error web authentication is disabled.
. Go to Configuration> Security> Authentication> AAA profile. Find the AAA profile for that WLAN and change the initial role to "authenticated"
Are those the only three rules? And is DNS actually working (nslookup)? I'm just wondering if you're blocking ICMP, etc. The machine needs to ARP to find the default router, and the firewall has an implicit deny at the end. Also, are you sure you're getting an IP via DHCP and not using a static or 169 address? Seems like you'd also be blocking DHCP. From the CLI on that role it might help to do a 'show rights <role>' so we can have a look at the role.
Are you sure that is the role that your client is getting? Type "show user" and see what role your client is in, and then type "show rights" to see what ACLs are being applied. If you made a change to the initial role, you need to remove or disconnect the client from the user table for it to get the "authenticated" role.
Thanks for the quick reply. That worked better, because now I'm not getting re-directed to the captive portal web page. However, my http and https traffic is not working. DNS works fine, because I can resolve DNS names, but the http and https traffic is not making it pass the controller. Would that be a configuration in my guest access policy? I only have 3 rules, but that should be enough to get http and https traffic to work:
user -> any -> svc-dns-> permit
user -> any -> svc-https -> permit
user -> any -> svc-http -> permit
Or is there some where else that could be blocking it? I also tried changing the source from user to any and it still didn't work.
DNS is working fine, also with everything else, so I'm not sure why I had the problems yesterday and not today. Maybe after I changed the initial role, I didn't save the configured, or forgot to disconnected and reconnect. However, changing the initial role to either authentication or my AuthGuest-Role fixed the problem.
If it's master local not saving the config could have been the issue. The configuration won't be pushed down to the local until it's saved on the master. Glad it's working for you.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.