@yogendrankp wrote:
Thank you CJ.
I am trying this to setup refering to the KB article 825 and will be using Enet1 of AP125 or AP93H.
I will be making the Enet1 port as access vlan 21
I have a doubt in it. The vlan21 interface created on the controller.
vlan 21
interface vlan 21
ip address 192.168.199.1 255.255.255.0
what would be the subnet for the user connected in enet1 ? will it be 192.168.199.0/24 ?
what should be the gateway for him?
Yes, that will be the subnet. His gateway would be whatever the DHCP server assigns to him.
The subnet a user is assigned is primarily so that it has an ip address where it can reach the controller and bring up the Captive Portal Page. The firewall policies for the guest role after successful authentication are normally something like "any any any route src-nat" which will source-nat all traffic out of the ip address of the RAP it is connected to. So in other words, the default gateway does not really matter.
The rules for split tunnel captive portal say that certain traffic will be redirected (route src-nat) out the enet port of the RAP and NOT the default gateway.. http://community.arubanetworks.com/aruba/attachments/aruba/108/205/1/split-tunnel-captive-portal-pdf.pdf