Security

Reply
Occasional Contributor II
Posts: 22
Registered: ‎01-20-2012

Captive Portal Re-direct

I basically followed this KB article to setup a guest network :

 

http://support.arubanetworks.com/Default.aspx?tabid=111

 

 

My thinking is to have a guest network that requires a WPA-PSK.  Once a user enters that PSK they are redirected to a captive portal page with acceptable use policy with a button that says "I AGREE" at the bottom.  User clicks that and goes about their merry way.

 

Everything is working except the "I AGREE" button.  When i click it just loops me right back to the same page.  I'm not a HTML guy but i'm thinking it has somethign to do with this line:

 

<form name="form1" method="post" action="/auth/index.html/u">

 

Not sure how to get that "I AGREE" button working

 

ANy ideas?

 

Guru Elite
Posts: 20,577
Registered: ‎03-29-2007

Re: Captive Portal Re-direct

What version of ArubaOS?  Did you make a custom HTML page?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 22
Registered: ‎01-20-2012

Re: Captive Portal Re-direct

[ Edited ]

3400 Controller

AP 105's

ArubaOS 6.1.2.2

 

I created a custom HTML page that basically has acceptable use policy with an "I Agree" button at the bottom.  Once a user clicks that I AGREE button they should be able to freely browse the internet.

 

My HTML :

 

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

<!DOCTYPE HTML PUBLIC"-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>

<title>Public wireless Internet access</title>

 

<style type="text/css">

body {

font-family: Verdana, Arial, Helvetica, sans-serif;

font-size: 12px;

background-color: #FFFFFF;

margin: 10px;

padding: 10px;

}

h1 { font-size: 16px; font-weight: bold; }

h2 { font-size: 14px; font-weight: bold; }

p, ul, li, input { }

</style>

</head>

<body>

<h1 align="center">Company C<br/>Guest Wireless Access Acceptable Use Policy</h1>

<p>

This Policy is a guide to the acceptable use of the Company C Guest Wireless network facilities and services.

<br/><br/>

Any individual connected to the Guest Wireless Network in order to use it directly or to connect to any other network(s), must comply with this policy, the stated purposes and Acceptable Use policies of any other network(s) or host(s) used, and all applicable laws, rules, and regulations.

<br/><br/>

COMPANY C MAKES NO REPRESENTATIONS OR WARRANTIES CONCERNING THE AVAILABILITY OR SECURITY OF THE GUEST WIRELESS NETWORK, AND ALL USE IS PROVIDED ON AN AS-IS BASIS. BY USING THE GUEST WIRELESS NETWORK YOU AGREE TO DEFEND, INDEMNIFY, AND HOLD HARMLESS COMPANY C FOR ANY LOSSES OR DAMAGES THAT MAY RESULT FROM YOUR USE OF THE GUEST WIRELESS NETWORK.

<br/><br/>

Company C takes no responsibility and assumes no liability for any content uploaded, shared, transmitted, or downloaded by you or any third party, or for anything you may encounter or any data that may be lost or compromised while connected to the Guest Wireless Network.

<br/><br/>

Company C reserves the right to disconnect any user at any time and for any reason. The Guest Wireless Network is provided as a courtesy to allow our guests access to the internet. Users will not be given access to the Company C intranet or permission to install any software on our computers.

<br/><br/>

Inappropriate use of the Guest Wireless Network is not permitted. This policy does not enumerate all possible inappropriate uses but rather presents some guidelines (listed below) that COmpany C may at any time use to make a determination that a particular use is inappropriate:

</p>

<ul>

<li>Users must respect the privacy and intellectual property rights of others.</li>

<li>Users must respect the integrity of our network and any other public or private computing and network systems.</li>

<li>Use of the Guest Wireless Network for malicious, fraudulent, or misrepresentative purposes is prohibited.</li>

<li>The Guest Wireless Network may not be used in a manner that precludes or hampers other users access to the Guest Wireless Network or other any other networks.</li>

<li>Nothing may be installed or used that modifies, disrupts, or interferes in any way with service for any user, host, or network.</li>

</ul>

<br><br>

<b>CLICK ON THE BUTTON BELOW TO ACCEPT THE ABOVE POLICY TERMS.</b></font></div>

<div align="center">

<br><br><br>

<form name="form1" method="post" action="/auth/index.html/u">

<span class="bodytext">

<input type="hidden" id="email" name="email" type="text" value="user@company.com" class="text" accesskey="e" />

<input type="hidden" name="cmd" value="authenticate" />

<input type="submit" name="Login" value="I ACCEPT" class="button" />

</span>

</form>

</div>

</body>

</html

 

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Captive Portal Re-direct

When you have the CP page up, do a "show user" on the controller and see what role the user is in.  Is it the guest-logon role?  Then, click the accept button.  Did the user switch to the guest role?  If so, it is an ACL problem.  If not, it is an authentication problem.

Occasional Contributor II
Posts: 11
Registered: ‎03-11-2010

Re: Captive Portal Re-direct

hi mike,

have you managed to solve the issue ?

i'm encountering same proble here

 

rgd

ylt

Guru Elite
Posts: 20,577
Registered: ‎03-29-2007

Re: Captive Portal Re-direct

yelynntun,

 

Did you try to get it working with a regular captive portal page first?  You should try that before applying the custom page.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 11
Registered: ‎03-11-2010

Re: Captive Portal Re-direct

hi collin,

 

thanks for the prompt reply.

I just manage to get it work with custom portal.

 

There are three things I amend but I've no idea which one solved my problem

 

i) enable guest logon in custom CP profile

ii) add "user any udp 68 deny" ip acl session on the top which applied to "guest" role

iii) add acl statement  "user alias mswitch svc-https dst-nat 8081" in cp acl session (But i already have for http dst-nat 8080)

 

do you have any idea which exactly sort it out ?

 

best wishes

ylt

Guru Elite
Posts: 20,577
Registered: ‎03-29-2007

Re: Captive Portal Re-direct

I and III are necessary.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: