Security

Reply
Contributor I

BYOD Setup SSID Webpage redirection

I am trying to create an SSID, that forces all users to land on an external wepage that gives users information regarding BYOD and how to setup their devices.  So far I have created the open SSID, and have created a rule with dst-nat to my external web server, but it doesn't work well.  Shortcuts on browsers are causing weird errors from my webserver because the url doesn't exist and ssl doesn't seem to work well either.  Any ideas?  I thought this would be simple (and maybe it is) but I am hitting some bumps here.  Thanks for any help.

Super Contributor II

Re: BYOD Setup SSID Webpage redirection

Could you not just a set a rule to give access to the external web server.

Then configure the 'Captive Portal' for your default User Profile for your SSID. Your 'Captive Portal' would point to the URL of your external web server

 

Aruba_CaptivePortal.png

 

I think this should work anyway I could be missing something more obvious!

Guru Elite

Re: BYOD Setup SSID Webpage redirection

What types of browser errors are you seeing?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: BYOD Setup SSID Webpage redirection

I've tried just that.  I have an access rule that allows to my web server.  I have captive portal login page set as the web address of my server, but that does not force a redirect.  So when someones browser comes up, it just stalls on whatever page it is trying to load.

Guru Elite

Re: BYOD Setup SSID Webpage redirection

Does the controller have a layer 3 interface in the VLAN that the user's
are in? This is required for redirection.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: BYOD Setup SSID Webpage redirection

The way i have it configured right now, it seems the dst-nat rule is doing most of the work, but that is not overwriting the url, it just changes the destination ip, so someone going to www.google.com/something/whatever.php, it changes it to http://IPADDRESS-OF-MY-SERVER/something/whatever.php.  I guess I could do some sort of rewrite rule on apache worl work.  Still https issues, my guess is because of certificates showing wrong somain vs the certificate.  Also deosn't help that i don't yet have a certificate on the webserver yet.  If I can get http working correctly, I figure https will follow.

Contributor I

Re: BYOD Setup SSID Webpage redirection

It does... in fact the vlan that users are being placed into is a natted network.

Re: BYOD Setup SSID Webpage redirection

Make sure DNS and http/https is allowed  , you should run the following command to make sure nothing is getting blocked : show datapath session table <client ip address>

 

Confirm that you have configured the Captive portal profile under the user-role you have setup for your initial role

 

Security User Roles_2013-09-26_23-40-12.png

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Contributor I

Re: BYOD Setup SSID Webpage redirection

I did finally get it to work.  The main problem seemed to be the order of policies in the user role I had defined.  I had to put the http and https allow for my external web server above the captive portal policy.  After that it worked like buttah!

gem
Contributor I

Re: BYOD Setup SSID Webpage redirection

RMorely, 

do you have the users authenticate at all (and thus change user group) or they stay "unauthenticated" with limited access just to the webserver?

Do you have also have an ACL to block all other traffic to everywhere else appart from your web-server?

 

Thanks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: