Aruba Instant & Cloud Wi-Fi

Reply
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Instant does not redirect to Clearpass

Tried a few different clients/browsers and no-one gets redirected to the captive portal URL.

 

You can type in the URL and go there directly though and login no problem, so fairly confident the Clearpass side is correct. Going to any other URL directly results in a blank page. Users have correct role 'guest-login' in Instant.

 

Pretty basic setup so not at all clear why this is not working.

 

wlan access-rule "Guest"
index 3
captive-portal external profile "Guest"
rule any any match any any any deny

wlan access-rule guest-guest
index 4
rule any any match any any any permit log

wlan access-rule guest-presenter
index 5
rule any any match any any any permit log

wlan access-rule guest-contractor
index 6
rule any any match any any any permit log

wlan access-rule guest-login
index 7
captive-portal external profile "Guest"
rule any any match any any any deny

wlan ssid-profile "Guest"
enable
index 1
type guest
essid "Guest"
opmode opensystem
max-authentication-failures 0
vlan guest
auth-server clearpass
set-role-pre-auth guest-login
set-role Aruba-User-Role value-of
rf-band all
captive-portal external profile "Guest"
mac-authentication
dtim-period 1
inactivity-timeout 1000
broadcast-filter arp
radius-reauth-interval 60
radius-accounting
radius-interim-accounting-interval 60
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

wlan auth-server clearpass
ip 10.1.22.9
port 1812
acctport 1813
key <snip>
rfc3576
cppm-rfc3576-port 5999

wlan external-captive-portal "Guest"
server clearpass.<snip>.com
port 443
url "clearpass.<snip>.com/guest/login.php"
auth-text ""
auto-whitelist-disable
https


--
ACMA ACMP
MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: Instant does not redirect to Clearpass

One thing you are missing is a rule allowing http/https to your clearpass server 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Instant does not redirect to Clearpass

So added these rules and no change...can go direct but no redirect on any browser/platform.

 

Even weirder traffic is disregarding these rules anyway and being let straight through..

 

Sep 9 14:22:12 10.1.22.43 stm[1529]: <124006> <WARN> <10.1.22.43 24:DE:C6:C3:ED:3E> TCP srcip=172.31.98.3 srcport=60611 dstip=74.125.31.95 dstport=443, action=src-nat
Sep 9 14:22:12 10.1.22.43 stm[1529]: <124006> <WARN> <10.1.22.43 24:DE:C6:C3:ED:3E> TCP srcip=172.31.98.3 srcport=44743 dstip=173.194.72.95 dstport=443, action=src-nat

 

But the page still can't load. These logs are from a client with the guest-login role:

 

wlan access-rule guest-login
index 7
captive-portal external profile "Guest"
rule any any match udp 67 68 permit log
rule any any match udp 53 53 permit log
rule 10.1.22.9 255.255.255.255 match any any any permit log
rule any any match any any any deny log

 

 


--
ACMA ACMP
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Instant does not redirect to Clearpass

And took 5 minutes to prove the clearpass config was correct with an ArubaOS version of the SSID. Instant fails to live up to it's name again.


--
ACMA ACMP
Aruba
Posts: 1,287
Registered: ‎08-29-2007

Re: Instant does not redirect to Clearpass

In your config for the captive portal, for the url I believe you only need this, not the full path.

 

url /guest/login.php


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Regular Contributor I
Posts: 180
Registered: ‎12-17-2008

Re: Instant does not redirect to Clearpass

Ah that was it.

 

Total misuse of the term URL and this is the doco for it with no examples:

 

"URL Enter the URL for the external captive portal server."

 

Frustrating to find time wasters like this.


--
ACMA ACMP
Search Airheads
Showing results for 
Search instead for 
Did you mean: