Reply
Occasional Contributor II
Posts: 23
Registered: ‎10-06-2009

Nook

Hi all,

Scenerio: Got new B&N Nooks on site and they cannot process the captive portal page. It acknowledges that you are being forwarded to a page and allows you to continue but it shows nothing on the screen. Besides mac authentication and creating a different SSID with alternate authentication (WEP/WPA/etc...), is there another alternative? Is there some other options that i'm not enabling on the captive portal?

Thanks in advance,
Gonzalo
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Nook

Do a "show datapath session table (ip address of nook)" to see what the nook is doing.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 23
Registered: ‎10-06-2009

Re: Nook

Thanks cjoseph,
anything with xxx.xxx is my network. It does not seem to be blocking anything but NTp (123) but thats ok because I don't allow it anyways.

splash below:
xxx.xxx.52.43 xxx.xxx.108.250 6 8081 58931 1/181 0 0 3 tunnel 142 38 FSI
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 57566 1/181 0 0 2 tunnel 142 26 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 59578 1/181 0 0 2 tunnel 142 21 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 59739 1/181 0 0 3 tunnel 142 38 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8081 53689 1/181 0 0 1 tunnel 142 18 FSI
xxx.xxx.108.250 xxx.xxx.52.81 17 30124 53 1/180 0 0 13 tunnel 142 d1 FCI
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 55314 1/181 0 0 11 tunnel 142 b5 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 55934 1/181 0 0 13 tunnel 142 d2 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 50275 1/181 0 0 6 tunnel 142 5d FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8081 51156 1/181 0 0 2 tunnel 142 26 FSI
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 49304 1/181 0 0 9 tunnel 142 97 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 52701 1/181 0 0 13 tunnel 142 d0 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8081 51479 1/181 0 0 3 tunnel 142 38 FSI
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 48267 1/181 0 0 2 tunnel 142 22 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 49109 1/181 0 0 7 tunnel 142 7a FS


xxx.xxx.52.43 xxx.xxx.108.250 6 8080 42204 1/181 0 0 0 tunnel 142 3 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 41012 1/181 0 0 13 tunnel 142 d2 FS
xxx.xxx.108.250 xxx.xxx.52.43 6 38446 443 1/180 0 0 13 tunnel 142 d1 FNCI
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 44332 1/181 0 0 4 tunnel 142 3f FS
xxx.xxx.108.250 xxx.xxx.52.43 6 58931 443 1/180 0 0 3 tunnel 142 38 FNCI
xxx.xxx.52.43 xxx.xxx.108.250 6 8081 38028 1/181 0 0 4 tunnel 142 47 FSI
xxx.xxx.52.43 xxx.xxx.108.250 6 8080 38164 1/181 0 0 3 tunnel 142 37 FS
xxx.xxx.52.43 xxx.xxx.108.250 6 8081 38446 1/181 0 0 13 tunnel 142 d1 FSI
xxx.xxx.108.250 208.75.88.4 17 37181 123 1/180 0 0 0 tunnel 142 3 FDC
xxx.xxx.108.250 xxx.xxx.52.43 6 51156 443 1/180 0 0 2 tunnel 142 26 FNCI
xxx.xxx.52.43 xxx.xxx.108.250 6 8081 34692 1/181 0 0 2 tunnel 142 28 FSI
xxx.xxx.108.250 161.221.88.118 6 38164 80 1/180 0 0 3 tunnel 142 37 FNC
xxx.xxx.108.250 161.221.88.21 6 38028 443 1/180 0 0 4 tunnel 142 47 FNCI
xxx.xxx.108.250 161.221.88.21 6 34692 443 1/180 0 0 2 tunnel 142 28 FNCI
xxx.xxx.52.81 xxx.xxx.108.250 17 53 30124 1/181 0 0 13 tunnel 142 d1 FI


xxx.xxx.108.250 161.221.88.118 6 48267 80 1/180 0 0 2 tunnel 142 22 FNC
xxx.xxx.108.250 161.221.88.118 6 49109 80 1/180 0 0 8 tunnel 142 7a FNC
xxx.xxx.108.250 161.221.88.118 6 44332 80 1/180 0 0 4 tunnel 142 3f FNC
xxx.xxx.108.250 161.221.88.118 6 42204 80 1/180 0 0 0 tunnel 142 3 FNC
xxx.xxx.108.250 161.221.88.118 6 41012 80 1/180 0 0 13 tunnel 142 d2 FNC
xxx.xxx.108.250 161.221.88.118 6 55314 80 1/180 0 0 11 tunnel 142 b5 FNC
xxx.xxx.108.250 161.221.88.118 6 55934 80 1/180 0 0 13 tunnel 142 d2 FNC
xxx.xxx.108.250 161.221.88.179 17 54767 123 1/180 0 0 0 tunnel 142 1 FDC
xxx.xxx.108.250 161.221.88.21 6 53689 443 1/180 0 0 1 tunnel 142 18 FNCI
xxx.xxx.108.250 161.221.88.118 6 52701 80 1/180 0 0 13 tunnel 142 d0 FNC
xxx.xxx.108.250 161.221.88.21 6 51479 443 1/180 0 0 3 tunnel 142 38 FNCI
xxx.xxx.108.250 161.221.88.118 6 50275 80 1/180 0 0 6 tunnel 142 5d FNC
xxx.xxx.108.250 161.221.88.118 6 49304 80 1/180 0 0 9 tunnel 142 97 FNC
xxx.xxx.108.250 161.221.88.118 6 59578 80 1/180 0 0 2 tunnel 142 21 FNC
xxx.xxx.108.250 161.221.88.118 6 59739 80 1/180 0 0 4 tunnel 142 38 FNC


xxx.xxx.108.250 161.221.88.118 6 57566 80 1/180 0 0 2 tunnel 142 29 FNC
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: Nook

All the lines with "8080" in your output indicate that the controller is trying to send the Captive portal screen to the device/client.

8080 is the port the controller uses to proxy HTTP (web browsers...) and present the captive portal page. 8081 is the port used for HTTPs proxy.

So the detection of the webbrowser and then the 'redirection' of the client to the captive portal piece is working...something else is not.

If you type on the controllers IP address into the browser on the NOOK what result do you get ?
Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Nook

I just had a similar issue. Make sure you have an IP address on the VLAN interface where the Nook is connected. For example, if your VAP puts the clients in VLAN 10, make sure you have an IP address on VLAN 10. If there is no IP address, the browser will get a 404, even if things are configured correctly.
Occasional Contributor II
Posts: 23
Registered: ‎10-06-2009

Re: Nook

thanks again...

@jfernyc - I see what you mean. As per the Nook site it says:
"Your NOOK will prompt you to accept any terms and conditions or enter any information needed to connect to that Wi-Fi hotspot."
A little more detail is in the manual but it could be summarized as above statement. We are buying a certificate to see if that helps the famous " Continue to this website (not recommended)" certificate error. We need to do that regardless, so its a good time for it. Hope it doesn't make it worse. :rolleyes:

@olino - The machine gets an IP and when I assign it to a role, it works fine. The Nook does not have a browser per say and it is having an issue deciphering what to do when it gets to the web portal. It is not the Nook Color but the new Nood Reader with wifi capabilities.

Thanks
G
Aruba
Posts: 760
Registered: ‎05-31-2007

Re: Nook

One additional approach would be that you could:

a) Leverage Device fingerprinting to identify all NOOKs
b) Create a NOOK role within the PEFNG feature-set, that triggers based on this fingerprint
c) Assign a policy for this NOOK role that bypasses the captive portal all together if you like
Occasional Contributor II
Posts: 23
Registered: ‎10-06-2009

Re: Nook

@jfernyc...
Thanks. I will look into it. The only issue I see would be that ALL Nooks, including not handed out by our org, may get on to the network. I guess I can then restrict the traffic regardless of what NOOK it is.
Thanks
Aruba
Posts: 760
Registered: ‎05-31-2007

Nook

You are correct, you can limit the policy to allow only "Nook required Protocols" whatever those may be ;)
Search Airheads
Showing results for 
Search instead for 
Did you mean: