Security

last person joined: 10 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Error with captive portal on Controller 7205

This thread has been viewed 5 times

  • 1.  Error with captive portal on Controller 7205

    Posted Aug 29, 2019 05:44 AM

    Hello,

     

    I have a large network to configure.
    A total of 180 APs (303 and 365) with 25 Switches (2530 24p PoE) and 2 controllers (7205).

     

    One controller will be at the main site, and one will be on another site connected through a long fibre cable. (It should be configured for failover in case the main controller fails - I need details on this configuration as well)

    My main concern is that there should be 1 guest SSID at the main site and another guest SSID at the other site.

    Both must have a captive portal. Therefore, on L3 Authentication, i created 2 captive potal profiles. The 2 guess networks are on different VLANS (one on 104 and one on 320)

     

    The issue that i am facing is that for the main site, i get the captive portal when i connect to the network. But for the second site, I don't get a captive portal. It connects directly to the network.

    Can I be assisted with this config please?

    Also, can someone please elaborate on the HA config for the 2 controllers?

    Thank you.



  • 2.  RE: Error with captive portal on Controller 7205

    MVP GURU
    Posted Aug 29, 2019 02:30 PM

    Do you have an IP address on the guest VLAN interface on at the site where it isn’t working?



  • 3.  RE: Error with captive portal on Controller 7205

    MVP EXPERT
    Posted Aug 29, 2019 05:09 PM

    What is your initial role in your aaa profile look like.

     

    See the flowchart below for reference.GuestPortal Profile Sheet.JPG



  • 4.  RE: Error with captive portal on Controller 7205

    Posted Aug 30, 2019 01:46 AM

    Hello, Thank you for you reply.

    I'm not sure what you meant here. The VLAN ID for the guest network is 320 and the IP range is 192.168.32.20 - 192.168.33.200 (255.255.254.0)

     

    Captive portal is working for a guess SSID on one VLAN (104)
    But is not working on VLAN 320 for another guest SSID.



  • 5.  RE: Error with captive portal on Controller 7205

    MVP EXPERT
    Posted Aug 30, 2019 02:51 AM

    Hi Kayyam09,

     

    You said on 'another SSID'. If you look at the flowchart image. An SSID is unique configured in a VAP (Virtual AP) profile. This VAP profile is bound to a AAA profile which contain an initial (default) role that is used when a client connect to that SSID.

     

    So probably you use a different AAA profile with a different role as the first guest SSID VAP.

     

    When you look at the dashboard under clients you can see what role is bound to the client.

     

    Also be sure you have a IP interface configured on both VLAN 104 and 320 and on both controllers.



  • 6.  RE: Error with captive portal on Controller 7205

    Posted Sep 02, 2019 05:08 AM

    We have a guest network setup using a 7205 controller and a ClearPass server. I have tried putting a URL in the Redirect URL field in the Captive Portal Authentication profile on the 7205 MyLowesLife.