Controllerless Networks

Hi,

I have an AP in RAP (Split-tunnel mode) and i have a Wlan Guest with a captive portal local to the controller.

I would like internet traffic to go through the local internet line and not through the tunnel to the controller after authentification on captive protail.

=> I thought I understood that it was necessary to create specific rules for this at the level of the profile

Questions:
1) the policies must be add in the Captive Portal Authentication Profile (default role) ?
      => this is the profile after authentication

2) I think we should add the policies "user any any src-nat" or "user any any route src-nat" ?
       => I read everything and its opposite ....

I thank you in advance

------------------------------
Jérémy Spote
------------------------------

There are two roles (1) the ***logon role, which is what the user obtains when he/she first associates to an SSID.  that role has captiveportal acl which redirects users to the active portal (2) the guest authenticated role, which is what the user obtains after authentication.  the "user any any  route src-nat" ACL belongs in the guest authenticated role.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Jun 01, 2022 03:26 AM
From: Jérémy Spote
Subject: RAP split tunnel - Forward internet traffic to local internet line

Hi,

I have an AP in RAP (Split-tunnel mode) and i have a Wlan Guest with a captive portal local to the controller.

I would like internet traffic to go through the local internet line and not through the tunnel to the controller after authentification on captive protail.

=> I thought I understood that it was necessary to create specific rules for this at the level of the profile

Questions:
1) the policies must be add in the Captive Portal Authentication Profile (default role) ?
      => this is the profile after authentication

2) I think we should add the policies "user any any src-nat" or "user any any route src-nat" ?
       => I read everything and its opposite ....

I thank you in advance

------------------------------
Jérémy Spote
------------------------------

Hi,

Thanks you for the response. 

Effectively, the policy must be add in the "Default Guest Role".

It's work !

------------------------------
Jérémy Spote
------------------------------

Original Message:
Sent: Jun 01, 2022 06:51 AM
From: Colin Joseph
Subject: RAP split tunnel - Forward internet traffic to local internet line

There are two roles (1) the ***logon role, which is what the user obtains when he/she first associates to an SSID.  that role has captiveportal acl which redirects users to the active portal (2) the guest authenticated role, which is what the user obtains after authentication.  the "user any any  route src-nat" ACL belongs in the guest authenticated role.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card

Original Message:
Sent: Jun 01, 2022 03:26 AM
From: Jérémy Spote
Subject: RAP split tunnel - Forward internet traffic to local internet line

Hi,

I have an AP in RAP (Split-tunnel mode) and i have a Wlan Guest with a captive portal local to the controller.

I would like internet traffic to go through the local internet line and not through the tunnel to the controller after authentification on captive protail.

=> I thought I understood that it was necessary to create specific rules for this at the level of the profile

Questions:
1) the policies must be add in the Captive Portal Authentication Profile (default role) ?
      => this is the profile after authentication

2) I think we should add the policies "user any any src-nat" or "user any any route src-nat" ?
       => I read everything and its opposite ....

I thank you in advance

------------------------------
Jérémy Spote
------------------------------