According to 8.7 features Captive Portal Enhancements (arubanetworks.com), an external CP should now be possible with bridged mode campus APs. However, this is not working for my setup (bridged to a tagged VLAN): no CP redirect is happening (DNS lookup works). Not much info besides 2 config changes (full path and the AAA profile change). I'm assuming this will only work on the native bridged VLAN? I can't really test the native VLAN to validate as this has no external access (DNS).
Can someone give me the limitations on this?
In the first instance, when the client is placed in the User Role can it manually browse to the Captive Portal or even reach the IP of the Captive Portal from its VLAN?
Yes, all that is working from the tagged VLAN; DNS lookup also works fine.
Why are you wanting to use bridge mode and captive portal? Why wouldn't you run the APs in Instant mode where bridging is a native function rather than a secondary consideration?
The customer only has 1 remote site, and thus would imply 2 configurations to be handled differently. For ease of mgmt, we would opt to only foresee the config being handled by the MC. Also the corporate traffic needs to be tunneled and we would need to modify it to handle that to iap-vpn, and thus make it more complex for the customer.
Operating an AP as a Campus AP over a WAN is not a supported deployment. AOS 8 expects a controller on the same LAN as the AP.
It's not a WAN, it is still an MPLS site, but the MPLS is too low to also handle the guest traffic, but there is a separate internet link that we would use to handle guest HTTP traffic.
What is the MTU and underlying transport for the connection between the remote site and controller?
MTU is 1518, but I don't think this is relevant as we can browse to the Captive portal on DNS manually and it works fine. It's just the redirection that isn't working. What device should do the redirection? Is it the AP or the controller? The documentation is very lacking on this front.
For a bridge mode connection the AP has to do the redirect. Make sure the user role applied to the session for login purposes has the "captiveportalbridge" access-list applied rather than the usual "captiveportal".
Documentation is lacking because this feature was added for a particular requirement. AOS 8 bridge mode overall is not a recommended deployment.
Thanks for the info. Do you know if it should work with tagged VLAN, or only the native VLAN?
Haven't seen that mentioned, shouldn't matter. Clients are never expected to be pulling an IP address from the same VLAN as the AP is managed from.
Got it working with tagged VLAN. Thx for the info.