Yeah sure.
Here's the logical topology.
Configuration is the same for both IAP (managed by Airwave).
When I add Site1-IAP1 mac-address into whitelist-db rap on controller, the tunnel goes UP.
And I loose connectivity from my CORP-PC to IAP.
Same configuration on Site2-IAP1 and it works.
I thought there might an unseen override, or a mismatch somewhere but no.
I thought about split-tunnel, if it was enable or not.
Both have :
ip dhcp VL33-CL2
server-type Centralized,L2
server-vlan 33
routing-profile
route 172.16.33.0 255.255.255.0 10.0.13.230
And the problem I have with guest is :
Guest PC associates with SSID-Guest.
SSID-Guest is a 'Guest' type SSID.
Network-assigned : CL2-VL33 (vlan 33)
Route: 172.16.33.0 is reached through 10.0.13.230
There is a Aruba VPN between IAP (10.0.10.110, 10.0.20.110) and Controller (10.0.13.230).
IP-Helper (redirecting a DHCP server on a VM in 10.0.13.x) is setup on mobility controller.
I do get an IP address (172.16.33.X/24, Gateway: 172.16.33.254 etc.)
SSID is setup to use captive portal located in 172.16.33.227 (which is virtual-ip/alias/NAT to Clearpass 10.0.13.227)
I get intercepted by Clearpass Guest captive portal.
I configured a sponsor confirmation, once confirmation is done.
When I click on login, there is no authentication records on Clearpass Access tracker.
I made it work only once, but then I got stuck in a redirecting loop.
But that would be another problem, my main problem is ... How can I experience two different behaviors while I have the same deployed configuration.