Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Guest can access network without captive portal

This thread has been viewed 3 times

  • 1.  Guest can access network without captive portal

    Posted Feb 18, 2016 02:21 AM

    Hi, everyone

     

    I configure 3 VLANs on controller

    VLAN21 10.10.1.1

    VLAN22 10.10.2.1

    VLAN23 10.10.3.1

     

    After guest associated Guest SSID, Guest receive and IP address 10.10.3.x but they can connect SSID without captive portal. And I use command ping "securelogin.arubanetworks.com" on guest device. Result is request time out. Must i need additionally configure

     

    Thanks



  • 2.  RE: Guest can access network without captive portal

    Posted Feb 18, 2016 02:36 AM

    Hi

    I am also self still learning alot of things, but I would suggest checking what the controller VLAN is set to. As far as I understand the portal will run from that IP - so your securelogin.arubanetworks should resolve to this IP.

    #show running-config | include controller-ip                     

    The IP assigned to the assosciated VLAN is the one you are looking for.

     

    To test try to connect to the Guest SSID and browse to the IP - if Captive Portal doesn't open check the Portal setup. 

    If the Portal Opens on IP, then it is possibly a DNS issue.

     

    Just my 2 Cents - but I believe some of the smarter folks in the community can give a better answer.

     



  • 3.  RE: Guest can access network without captive portal

    Posted Feb 19, 2016 12:02 AM

    I try this command on guest client "nslookup securelogin.arubanetworks.com"

    The result is

     

    DNS request time-out

    Non-authoritation answer

    name : securelogin.arubanetworks.com

    Address : 10.10.90.X

     

    and then I  use ping command "ping securelogin.arubanetworks.com"

    It's success 100%

     

    I want to know. My DNS, Is there any problem? 



  • 4.  RE: Guest can access network without captive portal

    Posted Feb 22, 2016 02:42 AM

    If the IP reported when you ping and nslookup is indead that of your controller on its vlan then the DNS is mostlikely working correct. if the IP is incorrect then correct the IP and controller VLAN.

    What happens if you mannually browse to the reported IP does the Captive Portal Open?



  • 5.  RE: Guest can access network without captive portal

    Posted Feb 22, 2016 07:59 AM
    Yes! if i enter ip reported or any ip, traffic will redirect to self register page.



  • 6.  RE: Guest can access network without captive portal

    Posted Feb 22, 2016 09:28 AM

    Hi,

     

    We should first check if the vlan used for the CP network is routable.

     

    For that, please try the following steps:

     

    1. Connect the client to the guest network.

    2. Run the following command to put the client in to authenticated role.

     

    Aruba# aaa user add <ip-address of client> role authenticated

     

    The role authenticated has a allow-all ACL inside it. So, the client device should be able to browse out to internet .

     

    If the client device is unable to browse to internet , then there is an issue with the DNS or routability of the vlan which needs to be corrected which is in turn causing the CP page not to show up automatically.

     

    Along with that, please paste the output for the ACL's mapped to the actual  role that gets assigned to the client

    when it initially connected to the guest network.

     

    Aruba# show rights <name of role>



  • 7.  RE: Guest can access network without captive portal

    EMPLOYEE
    Posted Feb 18, 2016 05:37 AM

    Did this ever work?  What was changed?   It is hard to say what is wrong from the limited information in your post.

     

    You should go to Configuration> Wizards> Campus WLAN and if possible delete and re-recreate your guest WLAN.