Wireless Access

Reply
Occasional Contributor II

Re: Captive Portal Split Tunnel help??

If I define it on the controller, will the traffic exit the controller, or exit on the local switch attached to the AP?

Guru Elite

Re: Captive Portal Split Tunnel help??

The idea with Split Tunnel Captive portal is to have it hit the controller for Captive Portal authentication, but your "success" or resulting role can then send the traffic out of the interface of the AP by using any any route src-nat.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Captive Portal Split Tunnel help??

OK so the VAP VLAN should be the initial "authenticating" VLAN, i.e. one where a DHCP server is reachable and one where the controller is reachable?  Where should I configure the internet only VLAN? A server derivation rule?

 

Have I setup my roles wrong - my initial role is the one which holds the source nat, should it be the post authentication role?

 

Thanks for your help.

Guru Elite

Re: Captive Portal Split Tunnel help??


@steveh_2001 wrote:

OK so the VAP VLAN should be the initial "authenticating" VLAN, i.e. one where a DHCP server is reachable and one where the controller is reachable?  Where should I configure the internet only VLAN? A server derivation rule?

 

Have I setup my roles wrong - my initial role is the one which holds the source nat, should it be the post authentication role?

 

Thanks for your help.


The internet traffic is source-natted out of the ip address of the local access point's ip address.

 

You are correct on the role switch.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Frequent Contributor II

Re: Captive Portal Split Tunnel help??

is thre any chance to bridge with the RAP in Split Tunnel mode? Not to route?!

 

i have a RAP in vlan1 and need  and need vlan11 split to tunnel cp traffic and bridge the data like dns, http and so on to vlan 11.

 

if i use "route"  the RAP routes out on his vlan1 interface not in the user vlan 11. I see the vlan 11 ip in vlan 1 :(

 

if i use "route src nat" i see the RAP IP in VLAN 1 with the request from the client in vlan 11.

 

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: