Cloud Managed Networks

Hi, we are seeing the following after configuring Guest Portal access from a site which is connected via VPN over VDSL...
We are able to tracert to euw1 and euw1-elb  which resolve to Central IP addresses and firewall ports 2083 and 443 are open.

Output Time: 2023-01-13 12:19:30 UTC
COMMAND=show radius status
Radius server status
--------------------
Name Server IP Source IP Server Name Protocol Port NAS IP Connected sockets Status Last connection tried at Next connection at
---- --------- --------- ----------- -------- ---- ------ ----------------- ------ ------------------------ ------------------
InternalServer 127.0.0.1 10.x.x.x Not configured RADIUS/UDP 1616 127.0.0.1 Not Applicable Not Applicable Not Applicable Not Applicable
AS1_#guest#_ 0.0.0.0 10.x.x.x euw1.cloudguest.central.arubanetworks.com RADIUS/TLS 2083 10.x.x.x 0 INIT 2023-01-13 12:19:11.440820 2023-01-13 12:19:51.40440820
AS2_#guest#_ 0.0.0.0 10.x.x.x euw1-elb.cloudguest.central.arubanetworks.com RADIUS/TLS 443 10.x.x.x 0 INIT 2023-01-13 12:18:23.948294 2023-01-13 12:23:43.320948294

=== Troubleshooting session completed ===
Any help appreciated
Dave

Did you try to do a local breakout for guest portal instead of going through VPN/VDSL connection?

Maybe totally unrelated, but did you check MTU size over VPN connection?

Best, Gorazd

------------------------------
Gorazd Kikelj
MVP Expert 2023
------------------------------

Original Message:
Sent: Jan 13, 2023 07:33 AM
From: dtonkin
Subject: Guest Portal / Radius

Hi, we are seeing the following after configuring Guest Portal access from a site which is connected via VPN over VDSL...
We are able to tracert to euw1 and euw1-elb  which resolve to Central IP addresses and firewall ports 2083 and 443 are open.

Output Time: 2023-01-13 12:19:30 UTC
COMMAND=show radius status
Radius server status
--------------------
Name Server IP Source IP Server Name Protocol Port NAS IP Connected sockets Status Last connection tried at Next connection at
---- --------- --------- ----------- -------- ---- ------ ----------------- ------ ------------------------ ------------------
InternalServer 127.0.0.1 10.x.x.x Not configured RADIUS/UDP 1616 127.0.0.1 Not Applicable Not Applicable Not Applicable Not Applicable
AS1_#guest#_ 0.0.0.0 10.x.x.x euw1.cloudguest.central.arubanetworks.com RADIUS/TLS 2083 10.x.x.x 0 INIT 2023-01-13 12:19:11.440820 2023-01-13 12:19:51.40440820
AS2_#guest#_ 0.0.0.0 10.x.x.x euw1-elb.cloudguest.central.arubanetworks.com RADIUS/TLS 443 10.x.x.x 0 INIT 2023-01-13 12:18:23.948294 2023-01-13 12:23:43.320948294

=== Troubleshooting session completed ===
Any help appreciated
Dave

Hi Gorazd, yes, we have configured direct internet access to cloudguest, also mtu has been changed to 1300, still no success! Can different Spash pages be associated with a single SSID? or can different Splash pages be associated with their own SSID ?
Dave
Original Message:
Sent: Jan 15, 2023 03:24 AM
From: GorazdKikelj
Subject: Guest Portal / Radius

Did you try to do a local breakout for guest portal instead of going through VPN/VDSL connection?

Maybe totally unrelated, but did you check MTU size over VPN connection?

Best, Gorazd

------------------------------
Gorazd Kikelj
MVP Expert 2023

Original Message:
Sent: Jan 13, 2023 07:33 AM
From: dtonkin
Subject: Guest Portal / Radius

Hi, we are seeing the following after configuring Guest Portal access from a site which is connected via VPN over VDSL...
We are able to tracert to euw1 and euw1-elb  which resolve to Central IP addresses and firewall ports 2083 and 443 are open.

Output Time: 2023-01-13 12:19:30 UTC
COMMAND=show radius status
Radius server status
--------------------
Name Server IP Source IP Server Name Protocol Port NAS IP Connected sockets Status Last connection tried at Next connection at
---- --------- --------- ----------- -------- ---- ------ ----------------- ------ ------------------------ ------------------
InternalServer 127.0.0.1 10.x.x.x Not configured RADIUS/UDP 1616 127.0.0.1 Not Applicable Not Applicable Not Applicable Not Applicable
AS1_#guest#_ 0.0.0.0 10.x.x.x euw1.cloudguest.central.arubanetworks.com RADIUS/TLS 2083 10.x.x.x 0 INIT 2023-01-13 12:19:11.440820 2023-01-13 12:19:51.40440820
AS2_#guest#_ 0.0.0.0 10.x.x.x euw1-elb.cloudguest.central.arubanetworks.com RADIUS/TLS 443 10.x.x.x 0 INIT 2023-01-13 12:18:23.948294 2023-01-13 12:23:43.320948294

=== Troubleshooting session completed ===
Any help appreciated
Dave

Hi Dave.

You can select captive portal by providing an appropriate role in RADIUS:Aruba:Aruba-User-Role attribute so in practice you can have multiple captive portals on the same ssid. You need to have a mean to determine what splash page/captive portal you need to show to a connecting device. This can be based for example on location of the AP.

Also ssid can have it's own captive portal/splash page associated. So both options are possible.

Best, gorazd

------------------------------
Gorazd Kikelj
MVP Expert 2023
------------------------------

Original Message:
Sent: Jan 16, 2023 11:25 AM
From: dtonkin
Subject: Guest Portal / Radius

Hi Gorazd, yes, we have configured direct internet access to cloudguest, also mtu has been changed to 1300, still no success! Can different Spash pages be associated with a single SSID? or can different Splash pages be associated with their own SSID ?
Dave
Original Message:
Sent: Jan 15, 2023 03:24 AM
From: GorazdKikelj
Subject: Guest Portal / Radius

Did you try to do a local breakout for guest portal instead of going through VPN/VDSL connection?

Maybe totally unrelated, but did you check MTU size over VPN connection?

Best, Gorazd

------------------------------
Gorazd Kikelj
MVP Expert 2023

Original Message:
Sent: Jan 13, 2023 07:33 AM
From: dtonkin
Subject: Guest Portal / Radius

Hi, we are seeing the following after configuring Guest Portal access from a site which is connected via VPN over VDSL...
We are able to tracert to euw1 and euw1-elb  which resolve to Central IP addresses and firewall ports 2083 and 443 are open.

Output Time: 2023-01-13 12:19:30 UTC
COMMAND=show radius status
Radius server status
--------------------
Name Server IP Source IP Server Name Protocol Port NAS IP Connected sockets Status Last connection tried at Next connection at
---- --------- --------- ----------- -------- ---- ------ ----------------- ------ ------------------------ ------------------
InternalServer 127.0.0.1 10.x.x.x Not configured RADIUS/UDP 1616 127.0.0.1 Not Applicable Not Applicable Not Applicable Not Applicable
AS1_#guest#_ 0.0.0.0 10.x.x.x euw1.cloudguest.central.arubanetworks.com RADIUS/TLS 2083 10.x.x.x 0 INIT 2023-01-13 12:19:11.440820 2023-01-13 12:19:51.40440820
AS2_#guest#_ 0.0.0.0 10.x.x.x euw1-elb.cloudguest.central.arubanetworks.com RADIUS/TLS 443 10.x.x.x 0 INIT 2023-01-13 12:18:23.948294 2023-01-13 12:23:43.320948294

=== Troubleshooting session completed ===
Any help appreciated
Dave