@dave1607 wrote:
Output from "show rights guest-logon" is below; clearpass test is the ClearPass server where the captive portal is hosted.
Valid = 'Yes'
CleanedUp = 'No'
Derived Role = 'guest-logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Number of users referencing it = 4
Periodic reauthentication: Disabled
DPI Classification: Enabled
Youtube education: Disabled
Web Content Classification: Enabled
ACL Number = 9/0
Max Sessions = 65535
Check CP Profile for Accounting = TRUE
Captive Portal profile = Open_Test
Application Exception List
--------------------------
Name Type
---- ----
Application BW-Contract List
----------------------------
Name Type BW Contract Id Direction
---- ---- ----------- -- ---------
access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 ra-guard session
2 allow-clearpass-test session
3 logon-control session
4 captiveportal session
ra-guard
--------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user any icmpv6 rtr-adv deny Low 6
allow-clearpass-test
--------------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user clearpass-test svc-https permit Low 4
2 user clearpass-test svc-http permit Low 4
logon-control
-------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user any udp 68 deny Low 4
2 any any svc-icmp permit Low 4
3 any any svc-dns permit Low 4
4 any any svc-dhcp permit Low 4
5 any any svc-natt permit Low 4
6 any 169.254.0.0 255.255.0.0 any deny Low 4
7 any 240.0.0.0 240.0.0.0 any deny Low 4
captiveportal
-------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user controller svc-https dst-nat 8081 Low 4
2 user any svc-http dst-nat 8080 Low 4
3 user any svc-https dst-nat 8081 Low 4
4 user any svc-http-proxy1 dst-nat 8088 Low 4
5 user any svc-http-proxy2 dst-nat 8088 Low 4
6 user any svc-http-proxy3 dst-nat 8088 Low 4
Expired Policies (due to time constraints) = 0
Current OS version is 6.4.4.16
Thanks
Dave
You should do a packet capture for that client to see what the client could be doing:
- Forget the WLAN from the client's wireless networks
- Turn off the wireless NIC of the client
- Delete the client from the user table on the controller's CLI (aaa user delete mac <mac address of client>)
- Turn on packet capturing for that client:
packet-capture reset-pcap
packet-capture destination local-filesystem
packet-capture datapath mac <mac address of client> decrypted
- Enable the client's wireless NIC and associate to the SSID. Observe the behavior.
- Take a look at the client's wireless traffic to see what traffic the client is sending:
(aruba7640) #show packet-capture datapath-pcap
18:49:26.970495 IP 192.168.1.1 > 224.0.0.1: igmp query v2
18:49:28.361216 IP 192.168.1.239.40859 > 172.217.9.138.443: Flags [P.], seq 3687845484:3687845515, ack 368191004, win 4329, options [nop,nop,TS val 19281407 ecr 3934040426], length 31
18:49:28.361281 IP 192.168.1.239.40859 > 172.217.9.138.443: Flags [F.], seq 31, ack 1, win 4329, options [nop,nop,TS val 19281414 ecr 3934040426], length 0
18:49:28.382341 IP 172.217.9.138.443 > 192.168.1.239.40859: Flags [R], seq 368191004, win 0, length 0
18:49:34.129610 IP 192.168.1.1 > 224.0.0.251: igmp query v2 [gaddr 224.0.0.251]
18:49:34.677221 IP 192.168.1.239.17553 > 8.8.8.8.53: 20054+ A? mobile.pipe.aria.microsoft.com. (48)
18:49:34.808386 IP 8.8.8.8.53 > 192.168.1.239.17553: 20054 5/0/0 CNAME prd.col.aria.mobile.skypedata.akadns.net., CNAME pipe.skype.com., CNAME pipe.prd.skypedata.akadns.net., CNAME pipe.cloudapp.aria.akadns.net., A 52.114.132.23 (199)
18:49:37.747091 ARP, Request who-has 192.168.1.239 (80:a5:89:33:69:75) tell 192.168.1.1, length 46
18:49:37.881564 ARP, Reply 192.168.1.239 is-at 80:a5:89:33:69:75, length 28
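
As an added example (not part of the original posts and not Aruba code): a simplified first-match model of the guest-logon session ACLs from the quoted output, run over lines from the capture above to show which rule each client packet would hit. The address for the `clearpass-test` alias, the service-to-port mappings and the implicit final deny are assumptions.

```python
import re

# Assumed address for the "clearpass-test" alias (placeholder, not from the thread).
CLEARPASS = "192.0.2.10"

# Subset of the guest-logon session ACLs in evaluation order:
# (policy, destination, proto, port, action). Service-to-port mappings
# (svc-http=tcp/80, svc-https=tcp/443, svc-dns=udp/53) are assumed defaults.
RULES = [
    ("allow-clearpass-test", CLEARPASS, "tcp", 443, "permit"),
    ("allow-clearpass-test", CLEARPASS, "tcp", 80, "permit"),
    ("logon-control", "any", "udp", 53, "permit"),
    ("captiveportal", "any", "tcp", 80, "dst-nat 8080"),
    ("captiveportal", "any", "tcp", 443, "dst-nat 8081"),
]

FLOW = re.compile(r" IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (.*)")

def match_rule(dst, proto, port):
    """Return (policy, action) of the first matching rule, else an assumed implicit deny."""
    for policy, rdst, rproto, rport, action in RULES:
        if rdst in ("any", dst) and (rproto, rport) == (proto, port):
            return policy, action
    return "(no match)", "deny"

def classify(lines, client_ip):
    """Map each client-originated TCP/UDP packet to the rule it would hit."""
    hits = []
    for line in lines:
        m = FLOW.search(line)
        if not m or m.group(1) != client_ip:
            continue  # skip IGMP/ARP (no ports) and packets not sent by the client
        # tcpdump prints "Flags [...]" only for TCP; treat the rest as UDP.
        proto = "tcp" if m.group(5).startswith("Flags [") else "udp"
        dst, port = m.group(3), int(m.group(4))
        hits.append((dst, proto, port) + match_rule(dst, proto, port))
    return hits

# Lines taken from the capture in the thread, trimmed after the flags/query.
CAPTURE = [
    "18:49:26.970495 IP 192.168.1.1 > 224.0.0.1: igmp query v2",
    "18:49:28.361216 IP 192.168.1.239.40859 > 172.217.9.138.443: Flags [P.], length 31",
    "18:49:28.382341 IP 172.217.9.138.443 > 192.168.1.239.40859: Flags [R], length 0",
    "18:49:34.677221 IP 192.168.1.239.17553 > 8.8.8.8.53: 20054+ A? mobile.pipe.aria.microsoft.com. (48)",
]

if __name__ == "__main__":
    for hit in classify(CAPTURE, "192.168.1.239"):
        print(hit)
```

A packet that lands on `(no match)` in this model is only a candidate for a drop; the rules left out of the subset (ICMP, DHCP, NAT-T, the proxy ports and the two deny ranges) still need to be checked against the full role.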