Controllerless Networks


Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget

Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

  • 1.  Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

    Posted Aug 09, 2017 05:11 PM

    Hello,

     

    We currently have an Aruba mesh network that then goes thru a cipafilter to the world.  Everything is functioning normally except for the following.

     

    I have been tasked with turning on SSL decryption on the firewall, but that causes all of our guest wifi users to have to install a certificate which I would prefer guests not have to do.

     

    I spoke with cipa filter and they said to create a group on the filter for wifi that doesn't require ssl decryption and give it the subnet/ip coming from the Aruba wifi guest dhcp service.

     

    I have all of this set up, but the strangest thing happens.  I can connect multiple clients to guest wifi, get a correct dhcp served ip address and get to the internet on any of the clients.  BUT, the clients cannot go to the same webpage at the same time.  If I have 1 go to msn another to yahoo and another go to google, all load quickly without issue.  If I make it so they all try to get to yahoo at the same time, only 1 will load while the others white screen, then as soon as the first is loaded, the 2nd will then load, then the 3rd when the 2nd is finished.

     

    I have tried multiple routing changes thinking something is getting lost along the way with no luck.

     

    I did notice that the firewall is not seeing any traffic from the dhcp addresses handed out on the guest wifi ssid, it is only seeing traffic from the master AP ip address.  

     

    I am using the AP's 172.x.x.x dhcp service without setting any other parameters.  No vlan changes, no other changes to routing and such on the AP's.

     

    All other systems and ssids work without an issue.

     

    It's that whole round robin loading of the same website that is messing me up.   Is there a way to just have the AP be more transparent and just forward the traffic to the firewall without Natting it maybe?  Then I could just set up the firewall to accept that traffic and route it back to that ap on its way back in.

     

    Thanks for reading this long-winded issue.  Much Appreciated.



  • 2.  RE: Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading
    Best Answer

    EMPLOYEE
    Posted Aug 10, 2017 08:18 AM

    You would have to create a separate VLAN, trunk that VLAN to each IAP and configure the WLAN to be "Network Assigned" instead of "Virtual Controller Assigned".



  • 3.  RE: Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

    Posted Aug 10, 2017 09:32 AM
    Thanks for the info. Unfortunately, it appears that using this type of
    setup is not compatible with cipafilter firewalls group setup. In order to
    create 2 different groups for the cipafilter to recognize so that 1 group
    can be assigned ssl decryption and the other (guest access) not have ssl
    decryption, I need a range of ip addresses for it to attach to. By using
    the same dhcp server for both regular and guest users and not using the
    Aruba's built-in dhcp, I am unable to differentiate where the request is
    coming in thru.

    Thanks for the help tho.

    --
    Dan Viste


  • 4.  RE: Guest wifi thru cipafilter with aruba dhcp strange issue round robin loading

    EMPLOYEE
    Posted Aug 10, 2017 09:34 AM

    You would need a new VLAN/subnet.  The Instant controller can provide captive portal on this network.  That new range of ip addresses is what you would enter into the filter.