ArubaOS and Controllers

Reply
Contributor II
Posts: 59
Registered: ‎02-22-2011

Captive Portal page not displaying

I've followed the user guide for the captive portal configuration, but the captive portal page doesn't display. I have a DHCP scope on the controller with public IPs and the controller is the .1, default gateway. When I initially connect to the guest SSID I get put in the guest-logon role, which should be the correct role for the Captive Portal page to load. That role has access to captiveportal and guest-logon-access with allows DNS.

I'm not sure what I'm missing for the Captive portal page to be displayed. If I type the IP address of the controller, the captive portal page will display, but after I login, the browser screen goes blank and I still cannot access the internet.

Bob
Regular Contributor II
Posts: 205
Registered: ‎09-28-2010

Re: Captive Portal page not displaying

The only time we've seen the captive portal page not display is when the user had a proxy set in their browser.

Probably not your issue, but something to look at.
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Captive Portal page not displaying


I've followed the user guide for the captive portal configuration, but the captive portal page doesn't display. I have a DHCP scope on the controller with public IPs and the controller is the .1, default gateway. When I initially connect to the guest SSID I get put in the guest-logon role, which should be the correct role for the Captive Portal page to load. That role has access to captiveportal and guest-logon-access with allows DNS.

I'm not sure what I'm missing for the Captive portal page to be displayed. If I type the IP address of the controller, the captive portal page will display, but after I login, the browser screen goes blank and I still cannot access the internet.

Bob




Rgarlin,

What role does the user get after authenticating successfully?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee
Posts: 119
Registered: ‎05-16-2007

Re: Captive Portal page not displaying

This is most likely because DNS isn't resolving for your client. If the CP page doesn't display, but DOES display if you type in an IP address, then you need to investigate DNS from the client.

When the browser tries a hostname, it resolves that hostname via DNS. Once received, it will issue a port 80 http call to the IP address it received. It's during that port 80 http call that CP redirection happens.

If the DNS never happens, then the http call never happens and of course, the CP doesn't display.

This also is probably the cause of you not going "to the internet" even after you auth via the CP.

I'd put money on this being your issue. Use CMD to test DNS resolution--either pinging a hostname or doing an nslookup.
Contributor II
Posts: 59
Registered: ‎02-22-2011

Guest role and DNS

When the client connects to the SSID, he is in the guest-logon role, which I thought was the correct role from the user guide.

DNS isn't work, but I'm not sure if that is my problem. If I type an IP Address in the web browser, I still don't get redirected to the captive portal page. If it was just a DNS issue than that should work.

If I use nslookup DNS fails, but I have the FW policies to allow DNS, Using a sniffer on the wired side, I can capture the client's DNS request going to the DNS server and the DNS server replies back, but the controller does not allow the request back to the wireless client.

Bob
Guru Elite
Posts: 21,269
Registered: ‎03-29-2007

Re: Captive Portal page not displaying

Does the controller have a public ip address? If it does, then the default gateway of the controller needs to be the next hop router ip address for this to work. In addition, the controller needs to be natting the private ip addresses out of that public ip address. You do that by finding the VLAN of the wireless clients and putting "ip nat inside" under it, on the controller. So if the wireless clients are in vlan 1, you do this:

config t
interface vlan 1
ip nat inside

write mem

Do this and see if the clients can now resolve DNS.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 59
Registered: ‎02-22-2011

Re: Captive Portal page not displaying

The Controller has a Public IP for the management, but the clients are also getting a public IP. A client gets a .254 from a class C public IP space, and the controller has the .1. Since the guest subnet is a public IP space, I didn't think I needed to nat.

Is the captive portal and guest access design to have the clients to be natted?

Bob
Aruba Employee
Posts: 119
Registered: ‎05-16-2007

Re: Captive Portal page not displaying

Clients don't need to be natted....but the controller must have an interface in address space that's accessible from the client device for the CP page to display.

You said in your original message that if you type in the IP address then the CP displays...is that not true?
Contributor II
Posts: 59
Registered: ‎02-22-2011

Re: Captive Portal page not displaying

Yes it does. The controller is the default gateway, the .1 address, so if I launch a web browser from the wireless guest client and type x.x.x.1 the captive portal page displays. However, when I try to login with an account I created on the controller, I don't get redirected to the welcome screen.

Bob
Aruba Employee
Posts: 135
Registered: ‎06-18-2007

Re: Captive Portal page not displaying

Hi,

As others have pointed out, this looks like a DNS issue. You need to get this fix before the CP page will be displayed.

With regards to the DNS not working, check your roles/etc to make sure it's all good. I don't see any reason why the controller will not return the DNS traffic to the client. For testing, I would apply the allow-all role/policy as the guest logon role and see if that makes a difference.

Post the details of the following command:
"show rights guest-logon"

-Mike
Search Airheads
Showing results for 
Search instead for 
Did you mean: