Cloud Guest normally works without any issues, as there is not so much to configure. If TAC does not come with a proper answer, escalate your support case.
The MAC auth failed can be 'normal' as mac authentication is used for MAC caching, and for clients that are not cached/known, it's expected that these fail MAC authentication.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Sep 20, 2024 04:34 AM
From: emrerabo
Subject: guest network cloudguest onboarding failed
hi all,
we've been struggling with our guest network for 6 months now.
users are having trouble with connecting to our guest network.
sometimes the splash screen wont load. its our own splash screen configured in aruba central (saas)
and sometimes the splash do load and they accept the terms but they wont have internet.
the only thing that we see on the logging is: onboarding failed, mac authentication failed
we do not have any restrictions for mac and use the default cloud guest athentication servers
even TAC couldnt solve it for us. they kept asking for logs which we did provide but there was no outcome.
reloading the gateways (9004) seems to solve it but after a week or 2 the issues come back.
we are running 10.6.0.3
config in aruba central:
! Include the next four lines on your guest SSIDauth-server AS1_#guest#_auth-server AS2_#guest#_set-role-pre-auth GUEST_PORTAL_#guest#_captive-portal external profile GUEST_PORTAL_#guest#_wlan access-rule GUEST_PORTAL_#guest#_ rule alias licdn.com match tcp 443 443 permit rule alias twimg.com match tcp 443 443 permit rule alias bam.nr-data.net match tcp 443 443 permit rule alias nr-data.net match tcp 443 443 permit rule alias js-agent.newrelic.com match tcp 443 443 permit rule alias crl.comodoca.com match tcp 80 80 permit rule alias crt.comodoca.com match tcp 80 80 permit rule alias secure.comodo.com match tcp 80 80 permit rule alias symcb.com match tcp 80 80 permit rule alias symcd.com match tcp 80 80 permit rule alias digicert.com match tcp 80 80 permit rule alias any match tcp 80 80 permit rule alias match 6 80 80 permit wlan auth-server AS1_#guest#_ radsec ip euw1.cloudguest.central.arubanetworks.com port 1812 acctport 1813 timeout 20 nas-id 11875c0b-4dbf-488f-b1b2-b13113011b75 rfc3576wlan auth-server AS2_#guest#_ radsec port 443 ip euw1.cloudguest.central.arubanetworks.com port 1812 acctport 1813 timeout 20 nas-id 11875c0b-4dbf-488f-b1b2-b13113011b75 rfc3576wlan external-captive-portal GUEST_PORTAL_#guest#_ server euw1.cloudguest.central.arubanetworks.com port 443 url "/portal/scope.cust-37a3562638f84b3a9e6ac1893df9e1b7/Guest_Portal/capture" auth-text "" https