Controller Based WLANs

Why are the users not getting the splash page after uploading the customized captive portal page on the controller to show only the “acceptable use policy”?

by on ‎07-16-2014 11:50 AM

Environment : This article applies to all the controller models and AOS versions.

 

Requirement is that the clients should get only the acceptable user policy page without needing them to authenticate using a username and password.

 

Even after configuring the right role and related policies, clients are still getting the splash page asking to enter the username and password.

 

Most likely the configuration in the captive portal page is incorrect or incomplete. Execute the following command and verify if:

  1. Guest and user login are disabled in the captive portal profile
  2. “show acceptable user policy” know is enabled in the captive portal profile

 
(NS-Aruba-3200) #show aaa authentication captive-portal default
 
Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter                                          Value
---------                                          -----
Default Role                                       guest
Default Guest Role                                 guest
Server Group                                       default
Redirect Pause                                     10 sec
User Login                                         Enabled
Guest Login                                        Disabled
Logout popup window                                Enabled
Use HTTP for authentication                        Disabled
Logon wait minimum wait                            5 sec
Logon wait maximum wait                            10 sec
logon wait CPU utilization threshold               60 %
Max Authentication failures                        0
Show FQDN                                          Disabled
Authentication Protocol                            PAP
Login page                                         /auth/index.html
Welcome page                                       /auth/welcome.html
Show Welcome Page                                  Yes
Add switch IP address in the redirection URL       Disabled
Adding user vlan in redirection URL                Disabled
Add a controller interface in the redirection URL  N/A
Allow only one active user session                 Enabled
White List                                         N/A
Black List                                         N/A
Show the acceptable use policy page                Disabled
User idle timeout                                  N/A
Redirect URL                                       N/A
Bypass Apple Captive Network Assistant             Disabled
 
In order for the users to get only the “acceptable user policy” page without any actual authentication, we need to have:

  1. User Login and Guest login to be disable in the captive portal profile
  2. show acceptable user policy” to be enabled in the captive portal profile

 

To make the necessary changes:

WebUI

  1. Navigate to Configuration> Authentication> L3 Authentication> Captive Portal Authentication
  2. Disable “User Login
  3. Disable “Guest Login
  4. Enable “show the acceptable use policy page
  5. Click “Apply

 

rtaImage.png

 

CLI:

(NS-Aruba-3200) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
 
(NS-Aruba-3200) (config) #aaa authentication captive-portal default
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #no user-logon
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #no guest-logon
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #show-acceptable-use-policy
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #end
(NS-Aruba-3200) #
 
To verify if the changes have taken effect:

(NS-Aruba-3200) #show aaa authentication captive-portal default
 
Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter                                          Value
---------                                          -----
Default Role                                       guest
Default Guest Role                                 guest
Server Group                                       default
Redirect Pause                                     10 sec
User Login                                         Disabled
Guest Login                                        Disabled
Logout popup window                                Enabled
Use HTTP for authentication                        Disabled
Logon wait minimum wait                            5 sec
Logon wait maximum wait                            10 sec
logon wait CPU utilization threshold               60 %
Max Authentication failures                        0
Show FQDN                                          Disabled
Authentication Protocol                            PAP
Login page                                         /auth/index.html
Welcome page                                       /auth/welcome.html
Show Welcome Page                                  Yes
Add switch IP address in the redirection URL       Disabled
Adding user vlan in redirection URL                Disabled
Add a controller interface in the redirection URL  N/A
Allow only one active user session                 Enabled
White List                                         N/A
Black List                                         N/A
Show the acceptable use policy page                Enabled
User idle timeout                                  N/A
Redirect URL                                       N/A
Bypass Apple Captive Network Assistant             Disabled
 
(NS-Aruba-3200) #

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.