Command of the Day

Reply
Aruba Employee

COTD: ip cp-redirect-address

Problem Statement:
I am currently trying to configure an additional SSID for guest use. We would like to use Captive Portal to display our AUP/TOS prior to accessing the guest wireless network.
VLAN 1: This vlan contains the controller’s internal management/main IP, employees connect to this VLAN which provides them secure internal network 10.1.1.0/24. Slave controllers communicate with the master over the secure network.
VLAN 3: This vlan is configured for guest access. The unsecure vlan (3) connects to the inside of an Internet firewall running DHCP and default gateway services for this subnet. The firewall assigns clients IPs from the 192.168.1.0/24 range of IP addresses. The Aruba controller is assigned 192.168.1.200 on vlan interface 3.
On VLAN 3 guests are able to connect and receive an IP address from the firewall. The problem we see is that when captive portal is enabled it is using an address from secure VLAN 1 (ie. https://10.1.1.20) rather than the address from the guest VLAN 3 (192.168.1.200). The IP address from VLAN 1 is not accessible to the hosts on VLAN 3 (by design)…therefore captive portal authentication is failing.
I have been unable to find a way to define the IP that the captive portal page originates from. If I was able to define the captive portal login as https://192.168.1.200 the problem would be solved.
Solution:
The interface used by Captive Portal can be configured from CLI as in the following example:
(Aruba6000-wifi) #config t
(Aruba6000-wifi) (config) #ip cp-redirect-address 192.168.1.200
(Aruba6000-wifi) #exit
MVP

Re: COTD: ip cp-redirect-address


Problem Statement:
The interface used by Captive Portal can be configured from CLI as in the following example:
(Aruba6000-wifi) #config t
(Aruba6000-wifi) (config) #ip cp-redirect-address 192.168.1.200
(Aruba6000-wifi) #exit




The 3.4 user manual lists "ip cp-redirect-address
" but then says to use the following with PEF license:
netdestination cp-redirect ipaddr
ip access-list session captiveportal
user alias cp-redirect svc-https permit
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081


I'm guessing this is only required if you have multiple captive portals in different vlans and the "ip cp-redirect-address
" will work fine for PEF license installation with only 1 CP? Or how exactly does one interpret this?
Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: