What is VLAN12? Do you have that configured on your switches? Do you have a router, NAT, etc, for VLAN12? If you put a wired client in a switch port on VLAN12, does that have internet access?
It's also strange that you see a role Authenticated, because that is used in controller deployment, where in Instant deployments that role is equal to the SSID name.
There are more or less two options that work:
1) Use VC Managed address assignment, and put clients in the Default VLAN
2) Use Network managed, and put clients in a VLAN (12 for example), and make sure all APs have VLAN 12 tagged, and you have a router/NAT device that issues the dhcp and offers connectivity.
When you are in the captive portal role, before login, the Instant AP will perform NAT on all of the traffic, which may be why you can reach ClearPass and not reach anything after authentication. I would prefer the option 1; and if it doesn't work with that, put a client directly in the management VLAN to verify if that can have internet access. Or create an SSID (PSK or so) directly in VLAN12, without captive portal and make that work first.
I would recommend that you find someone who can have a look with you, because it is hard to make a good judgement without having interactive access. Your Aruba partner or Aruba Support would be good candidates for that.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Aug 23, 2022 07:59 AM
From: champion nweke
Subject: Virtual controller assigned DHCP Guest client -- no internet
Hi Herman,
Please see below:
Can you reach your ClearPass? è yes, I get to the captive portal page and session showing on Access Tracker
Can you login through your ClearPass? è Yes I can logon via captive portal to hit clearpass guest URL
If you can successful login, what is the role the client has after authentication? è Role is "Authenticated"
Does the client receive an IP? è DHCp leases an Ip from scope (at all times è whether it is from VC or from external dhcp)
Does the client receive DNS server information? è (yep they receive dns)
Does DNS work on the client? è I cannot ping public ips (eg 8.8.8.8) so I am guessing Internet access is blocked somehow
Can you ping your default gateway from the client? è NO I cannot ping default gateway, but I definitely get a lease from dhcp server
Have you removed all the DHCP config after you moved to 'VC managed'? è yes and I did the same for "external dhcp" (only seems to happen when I go through clearpass)
VLAN is set to Default for the Guest Network SSID config? è Vlan is set to "12" è static
Does the config work if you configure Network Assigned + Default VLAN? è Only works when going through "internal server" and "cloud" captive portal, but does not work when going through CPPM/Guest captive portal
Note that Guest traffic will exit the AP from the (native) management VLAN. Your firewall (if there is one) should allow internet traffic from the AP's management IPs. è I am using a static vlan è vlan 12 ( does not work regardless)
Many thanks for your prompt feedback
Please advise further.
Original Message:
Sent: 8/23/2022 3:01:00 AM
From: Herman Robers
Subject: RE: Virtual controller assigned DHCP Guest client -- no internet
Can you reach your ClearPass?
Can you login through your ClearPass?
If you can successful login, what is the role the client has after authentication?
Does the client receive an IP?
Does the client receive DNS server information?
Does DNS work on the client?
Can you ping your default gateway from the client?
Have you removed all the DHCP config after you moved to 'VC managed'?
VLAN is set to Default for the Guest Network SSID config?
Does the config work if you configure Network Assigned + Default VLAN?
Note that Guest traffic will exit the AP from the (native) management VLAN. Your firewall (if there is one) should allow internet traffic from the AP's management IPs.
If you have access to an Aruba Partner or Aruba support, it may be best to work with someone who can do interactive troubleshooting. There are too many options here, and going forth/back may take a long time.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 23, 2022 12:08 AM
From: champion nweke
Subject: Virtual controller assigned DHCP Guest client -- no internet
Hi Herman,
Thanks for your response.
I have configured it as suggested, still not getting internet.
I am using clearpass server as captive portal.
Could you please advice?
Regards
Champion Nweke
Network and Security Engineer
Perfekt Pty Ltd
Level 1, 936 Glen Huntly Rd
Caulfield South
VIC 3162
Australia
Direct: 03 9945 2209 | Mobile: 0424 848 135 | Fax: 03 9945 2201
Original Message:
Sent: 8/19/2022 4:51:00 AM
From: Herman Robers
Subject: RE: Virtual controller assigned DHCP Guest client -- no internet
You may be missing a route back from your network to your VLAN 12/192.168.12.0/24?
The recommended method for Guest traffic is to use 'Virtual Controller Managed' in the VLAN assignment:
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Aug 18, 2022 11:14 PM
From: champion nweke
Subject: Virtual controller assigned DHCP Guest client -- no internet
Hi guys,
I am having an issue were, my virtual controller assigned dhcp and vlan to my guest ssid clients are getting dhcp but not getting internet connectivity.
My setup:
ssid: Guest
Vlan: 12
dhcp server (local) on VC: 192.168.12.0/24 scope
The document Configuring Local DHCP ScopesArubanetworks | remove preview |
| Configuring Local DHCP Scopes | You can configure Local, Local, L2, and Local, L3 DHCP scopes through the Instant UI or CLI. -In this mode, the Virtual Controller acts as both the DHCP Server and the default gateway. The configured subnet and the corresponding DHCP scope are independent of subnets configured in other IAP clusters. | View this on Arubanetworks > |
|
|
says all I Need to do is assign the VLAN to it and it will nat to local traffic. This does not seem to work for me.
Would appreciate any feedback please.