Hi aalap22,
VERY GOOD POINT!
GRE Tunnel was not trusted. On the GUI screen, there is no "Trusted" check for GRE.
After I added "trusted" on Tunnel 1 using the serial interface, captive portal is working beautifully.
I have one situation: I connect laptop (A) to SSID XXXGUEST with Captive Portal, disconnect laptop (A) from SSID XXXGUEST, then connect laptop (A) to SSID XXXBRIDGE with bridge mode, disconnect laptop (A) from SSID XXXBRIDGE, then connect laptop (A) to SSID XXXGUEST again with Captive Portal.
This is an intermittent symptom - it sometimes showed "Web Authentication is disabled".
I thought that the Controller still held the bridge mode information, so I waited 600 secs (idle timeout) and then tried guest access again, and it worked fine.
Is there any good setting to trust some user/computer, so as not to show the "Web Authentication is disabled" screen?
Or is the good solution to wait 600 secs for the idle timeout?
One of my customers says that after his portable wireless device went into power save mode, his guest access was disconnected. I resolved this symptom by extending the idle timeout value to max (about 2 hours).
But if the idle timeout is set to the max of 2 hours, when the user encounters the "Web Authentication is disabled" situation, the user has to wait 2 hours, or call the administrator to disconnect his session on the Aruba Web management screen.
---------
Here is the configuration.
[Master controller 3200 5.0.4.4 Loopback 10.128.0.89]
interface vlan 184
ip address 10.128.184.1 255.255.254.0
(Master) #show interface tunnel 1
Tunnel 1 is up line protocol is up
Description: Tunnel Interface
Source 10.128.0.89 (Loopback)
Destination 10.128.210.89
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is disabled
tunnel vlan 184,187-189
# VLAN184
subnet 10.128.184.0 netmask 255.255.254.0 {
default-lease-time 86400;
max-lease-time 86400;
option domain-name "test.local";
option vendor-class-identifier "ArubaAP";
option vendor-encapsulated-options "10.128.0.89";
option domain-name-servers 8.8.8.8;
option routers 10.128.184.1;
range 10.128.184.10 10.128.184.254;
range 10.128.185.2 10.128.185.250;
authoritative;
}
[Local controller 3200 5.0.4.4 Loopback 10.128.210.89]
interface vlan 184
ip address 10.128.184.2 255.255.254.0
no ip routing
ip helper-address 10.128.184.1 --> Obtains DHCP lease from Master, through Layer 2 GRE Tunnel.
(Local) #show interface tunnel 1
Tunnel 1 is up line protocol is up
Description: Tunnel Interface
Source 10.128.210.89 (Loopback)
Destination 10.128.0.89
Tunnel mtu is set to 1100
Tunnel is a Layer2 GRE TUNNEL
Tunnel is Trusted
Inter Tunnel Flooding is enabled
Tunnel keepalive is disabled
tunnel vlan 184,187-189
When I connected the laptop for guest access, because the RAP (AP-105) connects to the Local controller,
the Local controller's captive portal screen (amber based - I selected) was displayed.
I typed in the userID (guest) and password (xxxxxx) and was then authenticated.
Show user at Local controller
(Local) #show user
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------
10.128.184.254 58:94:6b:75:XX:XX guest guest 00:00:27 Web AP4 Wireless XXXGUEST/00:24:6c:21:34:a3/g-HT CaptiveP tunnel
User Entries: 1/1
Show user at Master controller. After I trusted Tunnel 1 GRE Tunnel, Master side also says that guest is authenticated.
(Master) #show user
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------
10.128.184.254 58:94:6b:75:XX:XX guest guest 00:01:36 Web N/A Wireless XXXGUEST/00:24:6c:21:34:a3/g-HT CaptiveP tunnel
User Entries: 1/1
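
A consistency check over the two `show interface tunnel 1` outputs quoted in the post, added here as an example (it is not part of the original post and not Aruba tooling). It assumes a tunnel counts as trusted only when the output contains the exact line `Tunnel is Trusted`; the function names are hypothetical.

```python
import re

# Output copied from the post, trimmed to the lines the parser reads.
MASTER = """Tunnel 1 is up line protocol is up
Source 10.128.0.89 (Loopback)
Destination 10.128.210.89
Tunnel mtu is set to 1100
Tunnel is Trusted
tunnel vlan 184,187-189"""
LOCAL = """Tunnel 1 is up line protocol is up
Source 10.128.210.89 (Loopback)
Destination 10.128.0.89
Tunnel mtu is set to 1100
Tunnel is Trusted
tunnel vlan 184,187-189"""

def expand_vlans(spec):
    """'184,187-189' -> {184, 187, 188, 189}"""
    vlans = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_tunnel(text):
    def grab(pattern):
        m = re.search(pattern, text, re.M)
        return m.group(1) if m else None
    return {
        "src": grab(r"^Source (\S+)"),
        "dst": grab(r"^Destination (\S+)"),
        "mtu": grab(r"^Tunnel mtu is set to (\d+)"),
        # Assumption: only this exact line means trusted; anything else is untrusted.
        "trusted": grab(r"^(Tunnel is Trusted)\s*$") is not None,
        "vlans": expand_vlans(grab(r"^tunnel vlan (\S+)") or ""),
    }

def check_pair(master, local):
    ends = (("master", master), ("local", local))
    problems = [f"{n}: tunnel is not trusted" for n, t in ends if not t["trusted"]]
    if (master["src"], master["dst"]) != (local["dst"], local["src"]):
        problems.append("source/destination do not mirror each other")
    if master["mtu"] != local["mtu"]:
        problems.append("MTU mismatch")
    if master["vlans"] != local["vlans"]:
        problems.append("tunnel VLAN lists differ")
    return problems  # empty list: both ends agree

if __name__ == "__main__":
    print(check_pair(parse_tunnel(MASTER), parse_tunnel(LOCAL)) or "tunnel ends are consistent")
```

Running the same check against output captured before the "trusted" change would report the untrusted end, which is the condition that kept the Master from seeing the guest as authenticated.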