Cloud Managed Networks

Hi.

I know that is posible to have a wired profile for guest access on my access points, but I'm having problems trying to configure it from Aruba Central. I want to configure a Guest Cloud Portal working on a WLAN and Eth0. On WLAN i have no problem, but on Eth0 I get the IP address but I'm no having any authentication procedure. I have a specif local dhcp scope for this service. This is my configuration:

ip dhcp CP
 server-type Local
 server-vlan 10
 subnet 192.168.10.0
 subnet-mask 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8

wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 10
 no shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type guest
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 captive-portal external profile 07Eventos_#guest#_
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5
 set-role-pre-auth 07Eventos_#guest#_

enet0-port-profile default_wired_port_profile

wlan ssid-profile testCP
 enable
 index 0
 type guest
 essid testCP
 utf8
 wpa-passphrase 3a762eeda709dda7de709074887564a0dce068ed339e3254
 opmode wpa3-sae-aes
 max-authentication-failures 0
 vlan 10
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 set-role-pre-auth 07Eventos_#guest#_
 rf-band all
 captive-portal external profile 07Eventos_#guest#_
 mac-authentication
 mac-authentication-delimiter :
 mac-authentication-upper-case
 dtim-period 1
 broadcast-filter arp
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 128

Any idea why is not working?

Thank you in advanced

what AP model are you using for this? generally you should not change E0 wired profile a sit is the uplink for the AP.

But you can create E1-E4 port profile and enable Cloud Guest 

Here I am using AP505H that has 4x Ethernet ports and this is for E3.

Hi.

I know that is posible to have a wired profile for guest access on my access points, but I'm having problems trying to configure it from Aruba Central. I want to configure a Guest Cloud Portal working on a WLAN and Eth0. On WLAN i have no problem, but on Eth0 I get the IP address but I'm no having any authentication procedure. I have a specif local dhcp scope for this service. This is my configuration:

ip dhcp CP
 server-type Local
 server-vlan 10
 subnet 192.168.10.0
 subnet-mask 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8

wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 10
 no shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type guest
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 captive-portal external profile 07Eventos_#guest#_
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5
 set-role-pre-auth 07Eventos_#guest#_

enet0-port-profile default_wired_port_profile

wlan ssid-profile testCP
 enable
 index 0
 type guest
 essid testCP
 utf8
 wpa-passphrase 3a762eeda709dda7de709074887564a0dce068ed339e3254
 opmode wpa3-sae-aes
 max-authentication-failures 0
 vlan 10
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 set-role-pre-auth 07Eventos_#guest#_
 rf-band all
 captive-portal external profile 07Eventos_#guest#_
 mac-authentication
 mac-authentication-delimiter :
 mac-authentication-upper-case
 dtim-period 1
 broadcast-filter arp
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 128

Any idea why is not working?

Thank you in advanced

I am testing with a 303 model, which only has one port. It is possible that you simply cannot enable an authentication service on an uplink port, but I wanted to test the possibility. I hope someone can figure out how it can be done because it would help me quite a bit in my infrastructure.

Best regards, and thanks for your reply

what AP model are you using for this? generally you should not change E0 wired profile a sit is the uplink for the AP.

But you can create E1-E4 port profile and enable Cloud Guest 

Here I am using AP505H that has 4x Ethernet ports and this is for E3.

Hi.

I know that is posible to have a wired profile for guest access on my access points, but I'm having problems trying to configure it from Aruba Central. I want to configure a Guest Cloud Portal working on a WLAN and Eth0. On WLAN i have no problem, but on Eth0 I get the IP address but I'm no having any authentication procedure. I have a specif local dhcp scope for this service. This is my configuration:

ip dhcp CP
 server-type Local
 server-vlan 10
 subnet 192.168.10.0
 subnet-mask 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8

wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 10
 no shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type guest
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 captive-portal external profile 07Eventos_#guest#_
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5
 set-role-pre-auth 07Eventos_#guest#_

enet0-port-profile default_wired_port_profile

wlan ssid-profile testCP
 enable
 index 0
 type guest
 essid testCP
 utf8
 wpa-passphrase 3a762eeda709dda7de709074887564a0dce068ed339e3254
 opmode wpa3-sae-aes
 max-authentication-failures 0
 vlan 10
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 set-role-pre-auth 07Eventos_#guest#_
 rf-band all
 captive-portal external profile 07Eventos_#guest#_
 mac-authentication
 mac-authentication-delimiter :
 mac-authentication-upper-case
 dtim-period 1
 broadcast-filter arp
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 128

Any idea why is not working?

Thank you in advanced

Indeed you cannot authenticate clients on your uplink port, just on a downlink port.

If you can create a mesh to another AP, you may be able to change the eth0 port to a downlink port and run a wired captive portal on it. But better/easier to get APs with multiple ethernet interfaces.

I am testing with a 303 model, which only has one port. It is possible that you simply cannot enable an authentication service on an uplink port, but I wanted to test the possibility. I hope someone can figure out how it can be done because it would help me quite a bit in my infrastructure.

Best regards, and thanks for your reply

what AP model are you using for this? generally you should not change E0 wired profile a sit is the uplink for the AP.

But you can create E1-E4 port profile and enable Cloud Guest 

Here I am using AP505H that has 4x Ethernet ports and this is for E3.

Hi.

I know that is posible to have a wired profile for guest access on my access points, but I'm having problems trying to configure it from Aruba Central. I want to configure a Guest Cloud Portal working on a WLAN and Eth0. On WLAN i have no problem, but on Eth0 I get the IP address but I'm no having any authentication procedure. I have a specif local dhcp scope for this service. This is my configuration:

ip dhcp CP
 server-type Local
 server-vlan 10
 subnet 192.168.10.0
 subnet-mask 255.255.255.0
 default-router 192.168.10.1
 dns-server 8.8.8.8

wired-port-profile default_wired_port_profile
 switchport-mode trunk
 allowed-vlan all
 native-vlan 10
 no shutdown
 access-rule-name default_wired_port_profile
 speed auto
 duplex full
 no poe
 type guest
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 captive-portal external profile 07Eventos_#guest#_
 no dot1x
 radius-accounting
 radius-interim-accounting-interval 5
 set-role-pre-auth 07Eventos_#guest#_

enet0-port-profile default_wired_port_profile

wlan ssid-profile testCP
 enable
 index 0
 type guest
 essid testCP
 utf8
 wpa-passphrase 3a762eeda709dda7de709074887564a0dce068ed339e3254
 opmode wpa3-sae-aes
 max-authentication-failures 0
 vlan 10
 auth-server AS1_#guest#_
 auth-server AS2_#guest#_
 set-role-pre-auth 07Eventos_#guest#_
 rf-band all
 captive-portal external profile 07Eventos_#guest#_
 mac-authentication
 mac-authentication-delimiter :
 mac-authentication-upper-case
 dtim-period 1
 broadcast-filter arp
 radius-accounting
 radius-interim-accounting-interval 5
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 128

Any idea why is not working?

Thank you in advanced