Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Help with captive portal on a specific vlan

  • 1.  Help with captive portal on a specific vlan

    Posted Apr 16, 2019 11:26 PM

    Hi there,

    We have IAP-315s on Aruba Central. I'm trying to get a guest wifi network, with internal captive portal, to work on a vlan which isn't the default vlan.

    The captive portal asks you to accept the T&Cs, then it connects, very straightforward. I can get this to work on the default vlan, but then I start to run out of IPs on that subnet, because it's also where most of the computers, printers, etc. are.

    I want to use 10.1.40.XXX as my guest vlan, but when I set the guest ssid to use this specific vlan, once connected to the network it fails to load the internal captive portal page, so it never authenticates.

    I've also tried setting the same guest ssid to just use open security, this works fine, devices can connect and get the correct 10.1.40.XXX address.

    What would be stopping the guest vlan from accessing the internal captive portal page? All of our APs have the Guest Access subscription applied to them.

    Thanks



  • 2.  RE: Help with captive portal on a specific vlan

    EMPLOYEE
    Posted Apr 17, 2019 12:17 AM

    What is issuing the IP addressing for your guest subnet (10.1.40.XXX)? Are you also specifying a DNS server in the DHCP options for the clients? DNS is critical for captive portals as a DNS lookup will almost always occur prior to a client's first HTTP connection which would be "captured" by the portal.

    I've just spun up a test SSID on my instant AP with a subnet for clients outside of the management interface subnet range of the instant AP. The Captive Portal is set to Internal - Acknowledged and I got an IP and captive portal.

    Hopefully it's something as simple as missing DNS from the DHCP scope?
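
Added example, not part of the original thread and not Aruba code: one way to test the reply's hypothesis that the guest DHCP scope hands out no DNS server. It parses the options field of a DHCP ACK captured from a guest client and flags a lease without option 6 (DNS), and additionally one without option 3 (router), which goes beyond what the reply asks about. The sample leases and their 10.1.40.x addresses are constructed.

```python
import ipaddress

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # precedes the options in every DHCP message
PAD, END, SUBNET_MASK, ROUTER, DNS = 0, 255, 1, 3, 6

def parse_options(field):
    """Parse the options field of a DHCP message into {code: value bytes}."""
    if field[:4] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    opts, i = {}, 4
    while i < len(field) and field[i] != END:
        code = field[i]
        if code == PAD:                    # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(field):
            raise ValueError("truncated option header")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated codes are concatenated
        i += 2 + length
    return opts

def addresses(raw):
    """Split an option value into IPv4 addresses (4 bytes each)."""
    if len(raw) % 4:
        raise ValueError("address list is not a multiple of 4 bytes")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def lease_findings(field):
    """Flag lease options a captive-portal client depends on that are absent."""
    opts = parse_options(field)
    findings = []
    if not addresses(opts.get(DNS, b"")):
        findings.append("no DNS server (option 6)")
    if not addresses(opts.get(ROUTER, b"")):
        findings.append("no default router (option 3)")
    return findings

def option(code, *ips):
    """Encode one address-list option (used only to build the samples below)."""
    data = b"".join(ipaddress.IPv4Address(ip).packed for ip in ips)
    return bytes([code, len(data)]) + data

# Constructed samples for a 10.1.40.0/24 guest scope; all addresses are made up.
BASE = MAGIC_COOKIE + bytes([53, 1, 5]) + option(SUBNET_MASK, "255.255.255.0")
LEASE_NO_DNS = BASE + option(ROUTER, "10.1.40.1") + bytes([END])
LEASE_OK = BASE + option(ROUTER, "10.1.40.1") + option(DNS, "10.1.40.1") + bytes([END])
```

A client holding a lease like `LEASE_NO_DNS` gets a valid 10.1.40.x address but cannot resolve the hostname of its first HTTP request, so there is no HTTP connection for the portal to capture.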