Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

i am doing a lab on directin guest on gre tunel using dmz and master (itself local)controller

This thread has been viewed 0 times

  • 1.  i am doing a lab on directin guest on gre tunel using dmz and master (itself local)controller

    Posted Sep 14, 2016 09:24 AM
      |   view attached

    The guest user showing drop in process logs ...but its showing connected and it taking virtual vlan ip address 192.168.150.2 which is assigned to vlan 150 for tunneling...and also its not showing captive portal when connected..what might be the issue can you please suggest me.......and i follwed this link  https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468

    if u have gui screen shots for the same access control policy ..share me

    Regards,

    Mallikarjun



  • 2.  RE: i am doing a lab on directin guest on gre tunel using dmz and master (itself local)controller

    EMPLOYEE
    Posted Sep 14, 2016 08:30 PM

    You need to make the DMZ Size of the tunnel to be "untrusted" for the captive portal to come up..

     

    The message you are observing looks like it is ARP spoofing, where a device has the same mac address as another device in the user table..



  • 3.  RE: i am doing a lab on directin guest on gre tunel using dmz and master (itself local)controller

    Posted Sep 15, 2016 12:54 AM

    Hi Collin,

    i have done with untrusted tunnel cmd  also..its not working ..

    Regards,

    Mallikarjun

     

     



  • 4.  RE: i am doing a lab on directin guest on gre tunel using dmz and master (itself local)controller

    Posted Sep 15, 2016 02:00 AM

    Is all below policies are mandatory.. i tried with the below  cmds

    its not working

    Configure common alias to be used in policy creation on master controller:

    Configure guest ‘pre-logon’ basic services policy on master controller: 

    Configure guest ‘pre-logon’ captive portal policy on master controller: 

    Configure the guest ‘pre-logon’ role using the above two policies on master controller:  

    Change default ‘cplogout’ policy on master controller:

    Configure guest ‘allowable use’ policy on master controller:

    Configure guest ‘post-logon’ role on master controller:

    Configure SSID derivation of guest role based on guest SSID on master controller:    

    Configure Aruba captive portal on master controller:  

     

    Regards,

    Mallikarjun



  • 5.  RE: i am doing a lab on directin guest on gre tunel using dmz and master (itself local)controller

    EMPLOYEE
    Posted Sep 15, 2016 05:44 AM

    Let's start with what is working and take it from there.  Can you pass traffic through the tunnel?  To find this out, you should type "show datapath tunnel table" on both controllers and see if the encrypts and decrypts number is going up for the GRE tunnel.