Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 14
Registered: ‎10-01-2010

External Captive portal and Instant AP

I have a problem about integration of IAP ( Instant AP )and home made external captive portal..

 

The requested configuration is very simple.So User will be redirected to the third party external captive portal after WPA2 auth.

IAP assigns the pre-auth role( permit only dhcp,dns,and capvite portal server) to users that have authenticated with WPA2.

I see that IAP assigns Pre-auth role to user after success WPA2 auth.But user can access to anywhere although its role is pre-auth role.

External captive portal software is a web based software and it uses a own radius server.There are a two factor auth application..

First screen of captive portal includes username and password, second screen includes  sms passcode..

 

External captive portal sends a wellcome page after CP auth..This wellcome page includes a text..( for example "authenticated" )  , IAP should be parse this text and assign authenticated role. 

 

 


Hardware: IAP 105
Firmware: ArubaInstant_Orion_6.1.2.3-2.0.0.3_31389

 

Thaks,

Community Manager
Posts: 402
Registered: ‎04-02-2007

Re: External Captive portal and Instant AP

Hey aytan,

 

Moving the topic under APs category to get better visibility. 

Occasional Contributor II
Posts: 14
Registered: ‎10-01-2010

Re: External Captive portal and Instant AP

Thanks Ozer,

Aruba Employee
Posts: 8
Registered: ‎12-02-2011

Re: External Captive portal and Instant AP

Do you mind explaining further about the statement "But user can access to anywhere although its role is pre-auth role."?  We could not reproduce this behavior in house.  Can you also provide the output of "show datapath user" and "show datapath acl-all" when the client is associated to the portal SSID?

Aruba Employee
Posts: 8
Registered: ‎12-02-2011

Re: External Captive portal and Instant AP

When we tested in house, the pre-auth role only allowed the user to access the IPs that were permitted in the role.  Other websites all got redirected to the captive portal page.  That is the designed behavior.

 

Also, are there links off of the captive portal page?  if there are, these links would also be accessible by the user because we have a dynamic whitelist walled garden feature.

Occasional Contributor II
Posts: 14
Registered: ‎10-01-2010

Re: External Captive portal and Instant AP

Dear Yan,

Thanks for your answer.

Im working on IAP  yesterday. I have two big problem. 
IAP  is assigning Pre-auth role to user after first auth( WPA2).. 
But IAP could not redirect to external captive portal page after first auth( WPA2 ). 
So I tried to enter captive portal url manually.After success auth on captive portal , IAP could not assign authenticated role.. 
User role is not changed by IAP.Please find the topology ,errors and config file in attach..

 

Are there any incorrect notation for external captive portal URL and  authentication text..

 

 

By the way, I tried this config with  Controller, It can redirect to same URL successfully.. 

 

Note: authentication text is hidden in authenticated page of captive portal

 

Thanks,


Search Airheads
Showing results for 
Search instead for 
Did you mean: