Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Split-Tunnel scr NAT

  • 1.  Split-Tunnel scr NAT

    Posted Nov 08, 2018 06:41 AM

    I configured a RAP with split-tunnel mode, users are accessing the internet locally and the DHCP from the HQ, and everything is working fine. But here is the issue: when I access the internet, I see on the firewall that the client is accessing the internet with the AP's IP address, not the user's IP.

    My question is: can the client access the internet with its user IP address and not the AP's IP?

    Does anyone have an idea about this, or has anyone faced this issue somehow?



  • 2.  RE: Split-Tunnel scr NAT

    EMPLOYEE
    Posted Nov 08, 2018 06:55 AM

    With split tunnel, the user gets its ip address from the headend, and when traffic goes out of the access point, it can ONLY be source-natted.  If you want the user to get an individual ip address on that AP with the real ip address showing up on the firewall, the forwarding mode must be bridged and not split-tunneled.



  • 3.  RE: Split-Tunnel scr NAT

    Posted Feb 12, 2019 10:05 AM

    Hi!

    After reading this post I figured out that it is not possible to have a Captive Portal in RAP mode where users are bridged to the network. So there is no way to use split-tunnel: tunnel during pre-auth and bridge after post-auth.

    Any workaround to have CP using CAP or RAP in bridge mode?

    Regards



  • 4.  RE: Split-Tunnel scr NAT

    EMPLOYEE
    Posted Feb 12, 2019 10:17 AM

    You cannot have users in bridge mode with Captive Portal.  Correct.

     

    You CAN have users with split tunnel and Captive Portal on a RAP, though.  The instructions are here:  https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-to-configure-Captive-Portal-for-Guest-Access-on-a-Remote-AP/ta-p/177144

     

    It uses the tunneled ip addresses to reach the controller's captive portal and then source-nats all of the other traffic after authentication out of the ip address of the AP.