Wireless Access

last person joined: 11 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captive Portal with two controllers in HA Dual mode

This thread has been viewed 0 times

  • 1.  Captive Portal with two controllers in HA Dual mode

    Posted Jul 06, 2016 07:06 AM

    Hello,

     

    I am having some difficulties with configuring Captive Portal on my controllers.

    Currently on the same vlan I have four controllers, which are configured in pairs on HA groups and in Dual mode.

    Controller A-1 (Dual) (master controller) <=> Controller B-1 (Dual)

    Controller A-2 (Dual) <=> Controller B-(Dual)

     

    I have configured the captive portal everywhere, with L3 IP on the cp vlan etc.

    When a client tries to connect, all controllers are trying to intercept the traffic and present the CP page.

     

    Any ideas how I can work around this?



  • 2.  RE: Captive Portal with two controllers in HA Dual mode

    EMPLOYEE
    Posted Jul 06, 2016 07:43 AM

    That should not happen.

     

    - User traffic should only be passing through the controller that the access point is terminated on.  The standby controller for that AP does not see any user traffic from that AP.

     

    - How can you tell it is being intercepted by all controllers?



  • 3.  RE: Captive Portal with two controllers in HA Dual mode

    Posted Jul 06, 2016 07:58 AM

    When connecting to an AP linked to controller B-1, I tried to login on the captive portal and after pressing connect, the page refreshed and I got redirectied to A-1-url/upload/custom/default/index.html

     

    In general, should the configuration be identical on all controllers, with only difference being the L3 IP?

    Captive Portal custom webpage, again identical and uploaded to all controllers?



  • 4.  RE: Captive Portal with two controllers in HA Dual mode

    EMPLOYEE
    Posted Jul 06, 2016 08:26 AM

    Did you configure the ip-cp-redirect option on any of the controllers?

    Did you change the built-in https certificate on any of the controllers?

     



  • 5.  RE: Captive Portal with two controllers in HA Dual mode

    Posted Jul 06, 2016 12:19 PM

    ip cp redirect is not configured

     

    I have added valid certificates from quovadis, each one created with CN to be the specific fqdn of each controller.

     

    Two sidenotes that would be nice to look at as well if possible...

    1) The certificate appears valid if I use it for the webgui, but invalid on the Captive Portal (NET::ERR_CERT_AUTHORITY_INVALID), tried OCSR rules etc with no luck, but still investigating. 

    2) Can we have a different url on the login page than the actual controller url e.g. guest.mycompany.com which would be the same for all controllers? Would the controller need to reply to a DNS query for that url and would that need a special config, or is it part of the generic CaptivePortal operation, where it is intercepting all DNS queries anyway?