09-26-2013 01:14 PM
I am trying to create an SSID, that forces all users to land on an external wepage that gives users information regarding BYOD and how to setup their devices. So far I have created the open SSID, and have created a rule with dst-nat to my external web server, but it doesn't work well. Shortcuts on browsers are causing weird errors from my webserver because the url doesn't exist and ssl doesn't seem to work well either. Any ideas? I thought this would be simple (and maybe it is) but I am hitting some bumps here. Thanks for any help.
Solved! Go to Solution.
09-26-2013 01:23 PM
Could you not just a set a rule to give access to the external web server.
Then configure the 'Captive Portal' for your default User Profile for your SSID. Your 'Captive Portal' would point to the URL of your external web server
I think this should work anyway I could be missing something more obvious!
09-26-2013 01:44 PM
I've tried just that. I have an access rule that allows to my web server. I have captive portal login page set as the web address of my server, but that does not force a redirect. So when someones browser comes up, it just stalls on whatever page it is trying to load.
09-26-2013 01:48 PM
09-26-2013 01:56 PM
The way i have it configured right now, it seems the dst-nat rule is doing most of the work, but that is not overwriting the url, it just changes the destination ip, so someone going to www.google.com/something/whatever.php, it changes it to http://IPADDRESS-OF-MY-SERVER/something/whatever.php. I guess I could do some sort of rewrite rule on apache worl work. Still https issues, my guess is because of certificates showing wrong somain vs the certificate. Also deosn't help that i don't yet have a certificate on the webserver yet. If I can get http working correctly, I figure https will follow.
09-26-2013 08:42 PM
Make sure DNS and http/https is allowed , you should run the following command to make sure nothing is getting blocked : show datapath session table <client ip address>
Confirm that you have configured the Captive portal profile under the user-role you have setup for your initial role
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
09-27-2013 11:57 AM
I did finally get it to work. The main problem seemed to be the order of policies in the user role I had defined. I had to put the http and https allow for my external web server above the captive portal policy. After that it worked like buttah!
09-30-2013 06:03 AM
do you have the users authenticate at all (and thus change user group) or they stay "unauthenticated" with limited access just to the webserver?
Do you have also have an ACL to block all other traffic to everywhere else appart from your web-server?