Security

Reply
Highlighted
Regular Contributor I

Re: Captive portal in different VLAN/Network for Aruba Instant

overall to say : 

 

changing from a public available DNS server from telekom/t-online 194.25.129.2 to google DNS 8.8.8.8 inside the VLAN 100 tagged network solved the issue. 

 

not sure what caused this and why this combination not working. 

 

i assigned afterwards to the Gast-100 a CP and that works smooth too, redirect works.

 

in my case i have set the access-rule to "unrestricted" .

 

one last question:

 

in the access rules there's network-based or role-based. if changing to role-based there's an option for "pre-auth" role . as the unrestricted access rule points to the CP too, i wonder if i have to change to pre-auth role when changing to role-based access rule e.g. if someone would like to restrict the guest-access directly on the IAP already.

 

from a controller-perspective : sure the usual pre-logon role is assigned before auth, and then guest-role after auth. is it the same doing on the IAP ?

 

EDIT : seems without pre-auth role in the role-based a redirect to CP also works. so i expect that if not assigning a pre-auth role it's just already the default gast-100 role with access to any destinations just dst-nat'ed to the controller until authenticated. but when there's a need to pre-auth too with lesser ACL's like dns/dhcp/ping only  (like on campus controllers) then additonal pre-auth is just put on top of the guest SSID.

 

so far so good, im happy that it's working now.

 

thanks

ben

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: