Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Captive Portal cannot show up & 802.1x authentication problem

  • 1.  Captive Portal cannot show up & 802.1x authentication problem

    Posted Nov 07, 2013 04:26 AM

    Hello there,

     

    Has anyone experienced WLAN users reporting that after associating to the SSID they get an IP address correctly, but the captive portal page sometimes does not show up? My client configured a Student SSID with captive portal authentication, using 10 * /22 subnet pools together to provide up to 10000 in theory. I have checked that the concurrent web sessions of that local controller didn't exceed the maximum value. Any idea of the root cause of this?

     

    Besides, another problem: when a WLAN user logs in to another SSID using 802.1x authentication, there is no problem except when he moves to another building; the mobile device prompts to accept another certificate as it moves from local controller A to local controller B. I would like to ask: is this a problem of each controller using its own self-signed certificate for 802.1x encryption? What's the common design for this?

     

    Here is our deployment: 9 buildings in a campus (A/B/C/D/E/F/G/M/N), and our VLAN design is based on SSID. All APs use tunnel mode, with a total of 4 * 3600 controllers sitting in Block N as the datacenter, connected by layer-2 trunk to the core switch, which connects to all buildings with L3 connections.

     

    Appreciate your help, guys!!!


    #3600


  • 2.  RE: Captive Portal cannot show up & 802.1x authentication problem

    Posted Nov 07, 2013 04:55 AM

    @FrankChang wrote:

    Hello there,

     

    Has anyone experienced WLAN users reporting that after associating to the SSID they get an IP address correctly, but the captive portal page sometimes does not show up? My client configured a Student SSID with captive portal authentication, using 10 * /22 subnet pools together to provide up to 10000 in theory. I have checked that the concurrent web sessions of that local controller didn't exceed the maximum value. Any idea of the root cause of this?

    Make sure that every VLAN on the controller has an IP address. In addition, enable "Allow Tri-session with DNAT" under Configuration > Advanced Services > Stateful Firewall.

     

    Besides, another problem: when a WLAN user logs in to another SSID using 802.1x authentication, there is no problem except when he moves to another building; the mobile device prompts to accept another certificate as it moves from local controller A to local controller B. I would like to ask: is this a problem of each controller using its own self-signed certificate for 802.1x encryption? What's the common design for this?

    It is a problem of each controller using its own self-signed certificate. You can solve this problem by putting a certificate on the RADIUS server and disabling Termination in the 802.1x settings on your individual controllers.

     

    Here is our deployment: 9 buildings in a campus (A/B/C/D/E/F/G/M/N), and our VLAN design is based on SSID. All APs use tunnel mode, with a total of 4 * 3600 controllers sitting in Block N as the datacenter, connected by layer-2 trunk to the core switch, which connects to all buildings with L3 connections.

     

    Appreciate your help, guys!!!