Controller-less WLANs

Captive Portal for browsers with proxy configuration on IAP

Aruba Employee
Q:

Can I customize proxy ports with captive portal authentication on IAP?



A:
This article is applicable to IAP running code 4.2. 
 
 IAP support for Captive Portal was only available for standard ports 443 and 80.   We added support for customized ports, which allows client to use proxy server and port when connected to Captive Portal network.
 

There are 2 ways to configure Captive Portal proxy server and port:

1.  In wlan ssid-profile

18:64:72:c1:36:d6 (config) # wlan ssid-profile test

18:64:72:c1:36:d6 (SSID Profile "test") # captive-portal-proxy-server 10.65.184.99 7788     ---- enable proxy

18:64:72:c1:36:d6 (SSID Profile "test") # no captive-portal-proxy-server                                 ---- disable proxy

18:64:72:c1:36:d6 (SSID Profile "test") # end

18:64:72:c1:36:d6# commit apply 

 

2.  Global configuration

18:64:72:c1:36:d6 (config) # proxy server 10.65.184.103 7788                                               ---- enable proxy

18:64:72:c1:36:d6 (config) # no proxy server                                                                           ---- disable proxy

18:64:72:c1:36:d6 (config) # end

18:64:72:c1:36:d6# commit apply 

 

Priority:

If both configuration exist, IAP will take profile-specific setting as high priority.

 

SSID profile config on UI

Global config on UI

 

Datapath ACL for CP pre-auth role, IAP will listen port 7788 for packet from client,  as well as port 80 && 443

18:64:72:c1:36:d6#  show datapath acl 118

14:  any  any  6 0-65535 80-80  172.31.98.2 172.31.98.1 8080 PSD4  hits 4

15:  any  any  6 0-65535 7788-7788  172.31.98.2 172.31.98.1 8080 PSD4  hits 246

16:  any  any  6 0-65535 443-443  172.31.98.2 172.31.98.1 4343 PSD4 

 

Debug syslog , check tinyproxy event

Jun 30 17:41:13  tinyproxy[1757]: handle_connection: 2388: request for http://10.64.18.201:80/guest/bmrpl.php?cmd=login&mac=3c:a9:f4:42:78:3c&essid=test&ip=10.65.24.186&apname=18%3A64%3A72%3Ac3%3Ac0%3A20_115-3&apmac=18%3A64%3A72%3Ac3%3Ac0%3A20&vcname=instant-C7%3AE6%3AE4&switchip=securelogin.arubanetworks.com&url=http%3A%2F%2Fwww.bing.com%2Fgenerate_204 is proxied to original URL

Jun 30 17:41:13  tinyproxy[1757]: Closed connection between local client (fd:9) and remote client (fd:11), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0

Jun 30 17:41:13  tinyproxy[16710]: Closed connection between local client (fd:9) and remote client (fd:12), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0

Jun 30 17:41:13  tinyproxy[16440]: handle_connection: 2388: request for http://10.64.18.201:80/guest/images/icon-cross22.png is proxied to original URL

Jun 30 17:41:13  tinyproxy[16440]: process_server_headers: 1220: not building auto whitelist due to content-type being 'image/png'

Jun 30 17:41:13  tinyproxy[16440]: Closed connection between local client (fd:9) and remote client (fd:12), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0

Jun 30 17:41:15  tinyproxy[1754]: handle_connection: 2388: request for http://10.64.18.201:80/guest/external/bg_hi.png is proxied to original URL

Jun 30 17:41:15  tinyproxy[1754]: process_server_headers: 1220: not building auto whitelist due to content-type being 'image/png'

Jun 30 17:41:15  tinyproxy[1754]: Closed connection between local client (fd:9) and remote client (fd:11), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0

Jun 30 17:41:17  tinyproxy[1755]: handle_connection: 2388: request for http://10.64.18.201:80/guest/bmrpl.php?_browser=1 is proxied to original URL

Jun 30 17:41:17  tinyproxy[1755]: Closed connection between local client (fd:9) and remote client (fd:11), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0

Jun 30 17:41:17  tinyproxy[1756]: handle_connection: 2388: request for http://securelogin.arubanetworks.com:443(null) is proxied to original URL

Version history
Revision #:
2 of 2
Last update:
‎08-17-2015 12:41 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.