Controllerless Networks

Occasional Contributor II

Re: Guest Network will not connect to internet

We discoverd a DNS issue at this office, thanks for the assistance.

Occasional Contributor I

Re: Guest Network will not connect to internet

Hi, I also have problems on my Guest network or even Admin network. I have 10 IAP-305-RW fw default, 1 IAP was setup as VC. My network is just flat /16. All IAP IP's are able to ping to internet. Roles are just set temporarily to unrestricted. If I try to use a Captive Portal or Acknoledgement Splash page it seems that there is a "CERT error" that's why i can't access internet. I tried configuring manually the browsers to trusts site "" then it succeed, Please help me to resolve this issue on captive portal authentication.


Best Regards,


New Contributor

Re: Guest Network will not connect to internet

what was your issue? I am having almost the exact same issue as you are and I cannot see where the problem is

Aruba Employee

Re: Guest Network will not connect to internet

From my point of view, the issue is with the certificate and browsers which are more restrictive with certificate errors. 

For a captive portal authentication, you cannot use the self-signed default certificate from our products. They just work for demos or testing, but with the restrictions from many browsers, are not for a production environment. first, you should get a trusted (trusted by all your guest clients) certificate. This should allow all clients to get redirected to the captive portal successfully. 

Afterward, we can figure out, what else is not working as expected. 




visit our Youtube Channel:
Please visit my personal blog as well:
New Contributor

Re: Guest Network will not connect to internet

Referring to the original problem in this thread, the problem for me was not DNS related I do not think. 


We had AP's set up in two different locations with same access rules for guest network. However on one network as soon as rules were added (specifically allow http/s except to local subnet) the AP behaved differently, it did not send Guest Wifi traffic directly from the AP's static IP address any longer, but from the Guest device from DHCP range 172.24.31.*. This meant the firewall was blocking the Aruba's Guest devices on this ip range. This was not happening on the first Guest network I set up in the same way. 


I compared the set up on both networks and could not find any difference which would cause this, in the end I changed the structure of the access rules to deny each of the corporate subnets and then allow everything esle as opposed to the 'allow http except to network ....'. So the Aruba AP was NAT'ing the Guest devices on one network but not on the other (I think)


Not sure why one network worked differently to another but the new access rules seems to work in all 3 locations so far. 

Search Airheads
Showing results for 
Search instead for 
Did you mean: