Hello,
I hav ethe most strangest of strange issues with an IAP enviorment that i have setup. The aruba cluster have around 59 iap's connected to it. The setup is done as following
VLAN=Network assigned, Default
Security=WPA Personal
Access=Network based
The users get the DHCP directly from the firewall via the access points.
My problem is sometimes randomly out of the blue users starts getting redirected to instant.arubanetworks.com login page. What ever webpage they open its the same page that they get. This only happens for 10% of users 10% of the time of the regular work hours. So its very random. Can someone please assist?
below is the config of the aruba's instant controller
9c:1c:12:c9:65:ea# show all
Swarm Active Laser Beam Sources
-------------------------------
bssid channel rssi ap name lms ip master ip inactive time reported by
----- ------- ---- ------- ------ --------- ------------- -----------
9c:1c:12:c9:65:ea# show configuration
version 6.2.1.0-3.4.0
virtual-controller-country ZA
virtual-controller-key 13d621b501dd965236fdb179b08b2ec6c8c6e3a5ddbdcc3eba
name Instant-C9:66:74
virtual-controller-ip 192.168.21.48
virtual-controller-vlan 1 255.255.252.0 192.168.23.254
terminal-access
clock timezone none 00 00
rf-band all
allow-new-aps
allowed-ap 9c:1c:12:c9:66:74
allowed-ap 9c:1c:12:c9:65:ea
allowed-ap 9c:1c:12:c9:66:26
allowed-ap 9c:1c:12:c9:66:0f
allowed-ap 9c:1c:12:c9:66:2c
allowed-ap 9c:1c:12:c9:96:ab
allowed-ap 9c:1c:12:c9:66:77
allowed-ap 9c:1c:12:c9:65:f1
allowed-ap 9c:1c:12:c9:66:7a
allowed-ap 9c:1c:12:c9:66:7e
allowed-ap 9c:1c:12:c9:65:b9
allowed-ap 9c:1c:12:c9:66:8b
allowed-ap 9c:1c:12:c9:65:c8
allowed-ap 9c:1c:12:c9:66:4d
allowed-ap 9c:1c:12:c9:66:8a
allowed-ap 9c:1c:12:c9:66:37
allowed-ap 9c:1c:12:c9:66:30
allowed-ap 9c:1c:12:c9:66:22
allowed-ap 9c:1c:12:c9:66:1d
allowed-ap 9c:1c:12:c9:66:99
allowed-ap 9c:1c:12:c9:66:ad
allowed-ap 9c:1c:12:c9:66:32
allowed-ap 9c:1c:12:c9:66:29
allowed-ap 9c:1c:12:c8:fa:f4
allowed-ap 9c:1c:12:c9:66:07
allowed-ap 9c:1c:12:c9:66:8f
allowed-ap 9c:1c:12:c9:64:f1
allowed-ap 9c:1c:12:c9:65:b5
allowed-ap 9c:1c:12:c9:66:9e
allowed-ap 9c:1c:12:c9:65:b2
allowed-ap 9c:1c:12:c9:66:9b
allowed-ap 9c:1c:12:c9:65:73
allowed-ap 9c:1c:12:c9:66:71
allowed-ap 9c:1c:12:c9:66:97
allowed-ap 9c:1c:12:c9:65:c0
allowed-ap 9c:1c:12:c9:65:e8
allowed-ap 9c:1c:12:c9:64:56
allowed-ap 9c:1c:12:c9:65:c6
allowed-ap 9c:1c:12:c9:65:7f
allowed-ap 9c:1c:12:c9:66:86
allowed-ap 9c:1c:12:c9:65:c7
allowed-ap 9c:1c:12:c9:66:b1
allowed-ap 9c:1c:12:c9:63:ea
allowed-ap 9c:1c:12:c9:66:0a
allowed-ap 9c:1c:12:c9:66:a0
allowed-ap 9c:1c:12:c9:66:5c
allowed-ap 9c:1c:12:c9:66:9d
allowed-ap 9c:1c:12:c9:66:94
allowed-ap 9c:1c:12:c9:66:19
allowed-ap 9c:1c:12:c9:66:96
allowed-ap 9c:1c:12:c9:66:00
allowed-ap 9c:1c:12:c9:65:f9
allowed-ap 9c:1c:12:c9:66:01
allowed-ap 9c:1c:12:c9:66:7b
allowed-ap 9c:1c:12:c9:66:84
allowed-ap 9c:1c:12:c9:66:0e
allowed-ap 9c:1c:12:c9:66:2a
allowed-ap 9c:1c:12:c9:66:73
arm
wide-bands 5ghz
min-tx-power 18
max-tx-power 127
band-steering-mode prefer-5ghz
air-time-fairness-mode fair-access
client-aware
scanning
syslog-level warn ap-debug
syslog-level warn network
syslog-level warn security
syslog-level warn system
syslog-level warn user
syslog-level warn user-debug
syslog-level warn wireless
mgmt-user admin 207282e4985dd2125d520259388ae18a1d8b07ac86e01b97
wlan access-rule default_wired_port_profile
rule any any match any any any permit
wlan access-rule wired-instant
rule 192.168.21.48 255.255.255.255 match tcp 80 80 permit
rule 192.168.21.48 255.255.255.255 match tcp 4343 4343 permit
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
wlan access-rule STUDENTWIFI
rule any any match any any any permit
wlan ssid-profile STUDENTWIFI
enable
index 1
type employee
essid STUDENTWIFI
wpa-passphrase bed2f7c49ca4d2abeddcbbc6ab98cf8cae49d0a712903929
opmode wpa2-psk-aes
max-authentication-failures 0
auth-server InternalServer
rf-band all
captive-portal disable
dtim-period 1
inactivity-timeout 1000
broadcast-filter none
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
auth-survivability cache-time-out 24
wlan external-captive-portal
server localhost
port 80
url "/"
auth-text "Authenticated"
auto-whitelist-disable
blacklist-time 3600
auth-failure-blacklist-time 3600
ids classification
ids
wireless-containment none
wired-port-profile wired-instant
switchport-mode access
allowed-vlan all
native-vlan guest
no shutdown
access-rule-name wired-instant
speed auto
duplex auto
no poe
type guest
captive-portal disable
no dot1x
wired-port-profile default_wired_port_profile
switchport-mode trunk
allowed-vlan all
native-vlan 1
shutdown
access-rule-name default_wired_port_profile
speed auto
duplex full
no poe
type employee
captive-portal disable
no dot1x
enet0-port-profile default_wired_port_profile
uplink
preemption
enforce none
failover-internet-pkt-lost-cnt 10
failover-internet-pkt-send-freq 30
failover-vpn-timeout 180
airgroup
disable
airgroupservice airplay
disable
description AirPlay
airgroupservice airprint
disable
description AirPrint