Access Points

Reply
Occasional Contributor II

Re: APs not appearing during installation




(Un?)Fortunately, I'm running 3.4.2.6 on Partition 0, which I'm booting off of. I do have 5.0.1.0 on Partition 1, but haven't tried it at this point. I'll still give the user logon a try and report back.

Aruba Employee

Re: APs not appearing during installation

Paul,

I noticed that one of the users got a public address, but the guest got a 192.168.x.x address. Your guest rule doesn't do NAT, so do you have a different firewall or router upstream doing NAT? If not, that may be one of your issues.
Occasional Contributor II

Re: APs not appearing during installation

I'm pretty sure you're onto something there, Olino. I'm looking into it now, just trying to figure out what I need to do within the policies to get it done. Thanks for the ideas!
Occasional Contributor II

Bah.




Mmmkay. So I tried the user login, but still no dice. It was working fine at first, but as I continued working with other options found here on the Airheads forums and the knowledge base, I lost the ability to even see the portal. Everything's still set with the employee WLAN, but I feel like I'm spinning my wheels at this point.

Here's the current show user information(again, I can't get past the portal to login):

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link
AP name Roaming Essid/Bssid/Phy Profile
---------- ------------ ------ ---- ---------- ---- --------
------- ------- --------------- -------
197.232.2.100 00:1f:e2:cc:a7:1e Guest-guest-logon 00:00:01
00:24:6c:c2:b2:38 Wireless AMC-Guest/00:24:6c:ab:23:81/g Guest-aaa_prof
197.232.2.121 00:1d:d9:1a:d1:7c authenticated 00:00:28
00:24:6c:c2:b2:38 Wireless Aruba-AMC/00:24:6c:ab:23:88/a AMC-aaa_prof

User Entries: 2/2


And the rights:

Derived Role = 'Guest-guest-logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Assigned VLAN = Guest
Periodic reauthentication: Disabled
ACL Number = 43/0
Max Sessions = 65535

Captive Portal profile = Guest-cp_prof

access-list List
----------------
Position Name Location
-------- ---- --------
1 logon-control
2 captiveportal

logon-control
-------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 user any udp 68 deny Low

2 any any svc-icmp permit Low

3 any any svc-dns permit Low

4 any any svc-dhcp permit Low

captiveportal
-------------
Priority Source Destination Service Action TimeRange Log Expired Qu
eue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- --
--- --- ----- --------- ------ -------
1 user controller svc-https dst-nat 8081 Lo
w
2 user any svc-https dst-nat 8081 Lo
w
3 user any svc-http dst-nat 8080 Lo
w
4 user any svc-http-proxy1 dst-nat 8088 Lo
w
5 user any svc-http-proxy2 dst-nat 8088 Lo
w
6 user any svc-http-proxy3 dst-nat 8088 Lo
w

Expired Policies (due to time constraints) = 0


I realize it probably doesn't help much to see these examples, but I'm grasping at straws right now, heh.

Thanks in advance for any advice you might be able to give.

Guru Elite

Guest-Guest-logon


Mmmkay. So I tried the user login, but still no dice. It was working fine at first, but as I continued working with other options found here on the Airheads forums and the knowledge base, I lost the ability to even see the portal. Everything's still set with the employee WLAN, but I feel like I'm spinning my wheels at this point.

Here's the current show user information(again, I can't get past the portal to login):

Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link
AP name Roaming Essid/Bssid/Phy Profile
---------- ------------ ------ ---- ---------- ---- --------
------- ------- --------------- -------
197.232.2.100 00:1f:e2:cc:a7:1e Guest-guest-logon 00:00:01
00:24:6c:c2:b2:38 Wireless AMC-Guest/00:24:6c:ab:23:81/g Guest-aaa_prof
197.232.2.121 00:1d:d9:1a:d1:7c authenticated 00:00:28
00:24:6c:c2:b2:38 Wireless Aruba-AMC/00:24:6c:ab:23:88/a AMC-aaa_prof

User Entries: 2/2


And the rights:

Derived Role = 'Guest-guest-logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Assigned VLAN = Guest
Periodic reauthentication: Disabled
ACL Number = 43/0
Max Sessions = 65535

Captive Portal profile = Guest-cp_prof

access-list List
----------------
Position Name Location
-------- ---- --------
1 logon-control
2 captiveportal

logon-control
-------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 802
1P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ---
-- --------- ------ -------
1 user any udp 68 deny Low

2 any any svc-icmp permit Low

3 any any svc-dns permit Low

4 any any svc-dhcp permit Low

captiveportal
-------------
Priority Source Destination Service Action TimeRange Log Expired Qu
eue TOS 8021P Blacklist Mirror DisScan
-------- ------ ----------- ------- ------ --------- --- ------- --
--- --- ----- --------- ------ -------
1 user controller svc-https dst-nat 8081 Lo
w
2 user any svc-https dst-nat 8081 Lo
w
3 user any svc-http dst-nat 8080 Lo
w
4 user any svc-http-proxy1 dst-nat 8088 Lo
w
5 user any svc-http-proxy2 dst-nat 8088 Lo
w
6 user any svc-http-proxy3 dst-nat 8088 Lo
w

Expired Policies (due to time constraints) = 0


I realize it probably doesn't help much to see these examples, but I'm grasping at straws right now, heh.

Thanks in advance for any advice you might be able to give.




If you change the ACL for the role "guest-guest-logon" to "allowall" can the guests even get out to the internet? If they cannot, Captive Portal will not work. Just like Olino mentioned, You might have to do "ip nat inside" on the VLAN that guests are on.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Occasional Contributor II

Re: APs not appearing during installation

Thanks a ton for all your help, guys. Finally got it figured out and working properly because of your suggestions and KB Answer ID 43.