01-01-2012 04:56 AM
I have a problem with the integration of an IAP (Instant AP) and a home-made external captive portal.
The requested configuration is very simple. The user will be redirected to the third-party external captive portal after WPA2 auth.
The IAP assigns the pre-auth role (permit only DHCP, DNS, and the captive portal server) to users that have authenticated with WPA2.
I see that the IAP assigns the pre-auth role to the user after successful WPA2 auth. But user can access to anywhere although its role is pre-auth role.
The external captive portal software is web-based software and it uses its own RADIUS server. There is a two-factor auth application.
The first screen of the captive portal includes username and password; the second screen includes an SMS passcode.
The external captive portal sends a welcome page after CP auth. This welcome page includes a text (for example "authenticated"); the IAP should parse this text and assign the authenticated role.
Hardware: IAP 105
01-04-2012 12:27 PM
Do you mind explaining further about the statement "But user can access to anywhere although its role is pre-auth role."? We could not reproduce this behavior in house. Can you also provide the output of "show datapath user" and "show datapath acl-all" when the client is associated to the portal SSID?
01-04-2012 12:29 PM
When we tested in house, the pre-auth role only allowed the user to access the IPs that were permitted in the role. Other websites all got redirected to the captive portal page. That is the designed behavior.
Also, are there links off of the captive portal page? If there are, these links would also be accessible by the user because we have a dynamic whitelist walled garden feature.
01-11-2012 11:27 PM
Thanks for your answer.
I was working on the IAP yesterday. I have two big problems.
The IAP is assigning the pre-auth role to the user after the first auth (WPA2).
But the IAP could not redirect to the external captive portal page after the first auth (WPA2).
So I tried to enter the captive portal URL manually. After successful auth on the captive portal, the IAP could not assign the authenticated role.
The user role is not changed by the IAP. Please find the topology, errors and config file attached.
Is there any incorrect notation for the external captive portal URL and authentication text?
By the way, I tried this config with a Controller; it can redirect to the same URL successfully.
Note: the authentication text is hidden in the authenticated page of the captive portal.