Wireless Access

last person joined: 5 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

AP-93H Split Tunnel Port

  • 1.  AP-93H Split Tunnel Port

    Posted Jan 31, 2013 09:53 PM

    I am trying to setup an AP-93H with split tunnel on the ports so that the traffic is not tunneling back to the controller, and just going from the controller locally.

     

    I followed a guide I received from TAC, and when the user connects, they are put in the NAT vlan with the correct role, however they never get the captive portal to login.  I have entered the IP address of the wireless controller and even that will not show a login page, I just get a timeout.

     

    Thanks for any assistance you can provide.



  • 2.  RE: AP-93H Split Tunnel Port

    Posted Jan 31, 2013 10:32 PM

    Are you doing split tunnel captive portal?  Can you at least ping the controller's ip address?

     



  • 3.  RE: AP-93H Split Tunnel Port

    Posted Feb 01, 2013 07:58 AM

    Yes, I can do DNS lookups and ping but it will not display the portal.

     



  • 4.  RE: AP-93H Split Tunnel Port

    Posted Feb 01, 2013 08:01 AM
    Is the captive portal interface on the controller the same as the controller's management interface, or do you have a separate vlan for captive portal?


  • 5.  RE: AP-93H Split Tunnel Port

    Posted Feb 01, 2013 08:21 AM

    I have a vlan setup on the controller (21) that is setup as a source NAT.  There is an ip on the controller for that vlan as well.



  • 6.  RE: AP-93H Split Tunnel Port

    Posted Feb 01, 2013 08:25 AM

    Does the user get into a role with the Captive Portal ACL?

     



  • 7.  RE: AP-93H Split Tunnel Port

    Posted Feb 01, 2013 08:57 AM

    Yes, they are put into the correct login role with the acls applied for redirection.



  • 8.  RE: AP-93H Split Tunnel Port

    Posted Feb 01, 2013 08:58 AM

    You should then type "show datapath session table <ip address of client>" on the commandline of the controller to see what traffic is being passed during the redirect, or if traffic is being denied.