IAP support for Captive Portal was only available for standard ports 443 and 80. We added support for customized ports, which allows client to use proxy server and port when connected to Captive Portal network.
There are 2 ways to configure Captive Portal proxy server and port:
1. In wlan ssid-profile
18:64:72:c1:36:d6 (config) # wlan ssid-profile test
18:64:72:c1:36:d6 (SSID Profile "test") # captive-portal-proxy-server 10.65.184.99 7788 ---- enable proxy
18:64:72:c1:36:d6 (SSID Profile "test") # no captive-portal-proxy-server ---- disable proxy
18:64:72:c1:36:d6 (SSID Profile "test") # end
18:64:72:c1:36:d6# commit apply
2. Global configuration
18:64:72:c1:36:d6 (config) # proxy server 10.65.184.103 7788 ---- enable proxy
18:64:72:c1:36:d6 (config) # no proxy server ---- disable proxy
18:64:72:c1:36:d6 (config) # end
18:64:72:c1:36:d6# commit apply
Priority:
If both configuration exist, IAP will take profile-specific setting as high priority.
SSID profile config on UI
Global config on UI
Datapath ACL for CP pre-auth role, IAP will listen port 7788 for packet from client, as well as port 80 && 443
18:64:72:c1:36:d6# show datapath acl 118
…
14: any any 6 0-65535 80-80 172.31.98.2 172.31.98.1 8080 PSD4 hits 4
15: any any 6 0-65535 7788-7788 172.31.98.2 172.31.98.1 8080 PSD4 hits 246
16: any any 6 0-65535 443-443 172.31.98.2 172.31.98.1 4343 PSD4
Debug syslog , check tinyproxy event
Jun 30 17:41:13 tinyproxy[1757]: handle_connection: 2388: request for http://10.64.18.201:80/guest/bmrpl.php?cmd=login&mac=3c:a9:f4:42:78:3c&essid=test&ip=10.65.24.186&apname=18%3A64%3A72%3Ac3%3Ac0%3A20_115-3&apmac=18%3A64%3A72%3Ac3%3Ac0%3A20&vcname=instant-C7%3AE6%3AE4&switchip=securelogin.arubanetworks.com&url=http%3A%2F%2Fwww.bing.com%2Fgenerate_204 is proxied to original URL
Jun 30 17:41:13 tinyproxy[1757]: Closed connection between local client (fd:9) and remote client (fd:11), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0
Jun 30 17:41:13 tinyproxy[16710]: Closed connection between local client (fd:9) and remote client (fd:12), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0
Jun 30 17:41:13 tinyproxy[16440]: handle_connection: 2388: request for http://10.64.18.201:80/guest/images/icon-cross22.png is proxied to original URL
Jun 30 17:41:13 tinyproxy[16440]: process_server_headers: 1220: not building auto whitelist due to content-type being 'image/png'
Jun 30 17:41:13 tinyproxy[16440]: Closed connection between local client (fd:9) and remote client (fd:12), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0
Jun 30 17:41:15 tinyproxy[1754]: handle_connection: 2388: request for http://10.64.18.201:80/guest/external/bg_hi.png is proxied to original URL
Jun 30 17:41:15 tinyproxy[1754]: process_server_headers: 1220: not building auto whitelist due to content-type being 'image/png'
Jun 30 17:41:15 tinyproxy[1754]: Closed connection between local client (fd:9) and remote client (fd:11), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0
Jun 30 17:41:17 tinyproxy[1755]: handle_connection: 2388: request for http://10.64.18.201:80/guest/bmrpl.php?_browser=1 is proxied to original URL
Jun 30 17:41:17 tinyproxy[1755]: Closed connection between local client (fd:9) and remote client (fd:11), user 10.65.24.186(3c:a9:f4:42:78:3c) on 'test', user_authenticated=0
Jun 30 17:41:17 tinyproxy[1756]: handle_connection: 2388: request for http://securelogin.arubanetworks.com:443(null) is proxied to original URL