ArubaOS and Controllers

Reply
New Contributor

Captive portal with proxy server set

We are using the captive portal for guest access, and would prefer if it operated without the users needing to adjust any proxy settings on their browsers.
The first issue is that the machine does a DNS lookup for the IP address of the proxy server. We can solve this one using the tip from Greig Bannister posted earlier. "If you have the PEF license is to DNAT DNS requests in the pre-authentication (probably logon) role to the controllers IP address. The controller has a built in DNS responder that will always respond with its own IP address and a lifetime of about 5 seconds. "
The next issue is that the browser issues a CONNECT request, which we can solve using this change to the access list from Aruba tech support
ip access-list session captiveportal
user alias mswitch svc-https permit
--> user any tcp dst-nat 8088
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
!
Reason behind it is that we spawned a web server on port 8088. This web server will be able to understand the CONNECT method.
The problem that remains is that the user authenticated page and the logout popup do not display in the browser. They get an HTTP 405 message. My guess is we need to somehow trap these pages via the same server as the login page on port 8088.
Any ideas? Anyone got a better way of doing this?
Thanks
Scott
Frequent Contributor I

hmmm...

How about the guest role?

Do we need to enable any thing on the guest role coz guests traffic going thru a 8088 web proxy?

Thanks in advance.

P.S. There are no proxy scripts in the web proxy...
Occasional Contributor I

Re: Captive portal with proxy server set

Try adding the controllers IP address to the browser proxy configuration where you exclude local address ranges from the proxy lookup. This will prove that it is just a proxy config issue and not the rules on the Aruba.
From a bigger picture point of view, do you really want your guest users to have to know about your upstream proxy? Maybe look into a transparent proxy redirect and then the guest wont have to worry about proxy issues at all.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: