Security

Reply
Occasional Contributor I
Posts: 9
Registered: ‎12-13-2012

Captive Portal fails to launch on Android phones

Hello all,

 

I'm hoping someone can point me in the right direction.

 

We have a captive portal setup for guest wireless access that requires the user to accept our usage policy and provide an email address. While this works fine for our iPhone users, Windows and Apple laptops, the same cannot be said for our Android users. The captive portal never launches even when they open a browser and attempt to go to a web page.

 

Running a "show datapath session table" shows the Android device contacting the DNS server with flag "FYI" which I think means the DNS server is not responding. But other devices have no problem with reaching the DNS server so I don't think it's routing related.

 

Has anyone run into this before?

 

- Nina

MVP
Posts: 2,994
Registered: ‎10-25-2011

Re: Captive Portal fails to launch on Android phones

Which version you got of firmware?

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Captive Portal fails to launch on Android phones

[ Edited ]

Sounds like it might be an OCSP issue. Do you have HTTPS enabled in the captive portal profile; can you try it without it?      Are you seeing anything other than DNS looks up for that session?

 

If you can get there with HTTP only, then look to implement a rule to allow OCSP lookups in the login role.    There ar some posts on this forum for this.  You can also verify this is the case with Firefox on a Windows machine.

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 9
Registered: ‎12-13-2012

Re: Captive Portal fails to launch on Android phones

NighShade1,

 

We have version 6.1.3.5

Occasional Contributor I
Posts: 9
Registered: ‎12-13-2012

Re: Captive Portal fails to launch on Android phones

clembo,

 

We use HTTP for the captive portal redirect.

 

There is nothing else on the table besides DNS lookup.  Below is a typical output from an Anroid phone:

207.172.11.15 and 207.172.11.16 are the DNS servers

 

 

show datapath session table 192.168.210.203

Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
       D - deny, R - redirect, Y - no syn
       H - high prio, P - set prio, T - set ToS
       C - client, M - mirror, V - VOIP
       Q - Real-Time Quality analysis
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal
       u - User Index

  Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge UsrIdx UsrVer Flags
--------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- ------ ------ -----
207.172.11.16   192.168.210.203 17   53    28434  1/4     0 96  0   tunnel 2617 4    0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.15   192.168.210.203 17   53    30412  1/4     0 96  1   tunnel 2617 16   0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.15   192.168.210.203 17   53    2408   1/4     0 96  1   tunnel 2617 16   0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.15   192.168.210.203 17   53    1699   1/4     0 96  1   tunnel 2617 13   0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.16   192.168.210.203 17   53    7799   1/4     0 96  1   tunnel 2617 11   0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.16   192.168.210.203 17   53    55661  1/4     0 96  1   tunnel 2617 e    0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.15   192.168.210.203 17   53    54624  1/4     0 96  1   tunnel 2617 9    0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.16   192.168.210.203 17   53    35976  1/4     0 96  1   tunnel 2617 11   0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.15   192.168.210.203 17   53    38106  1/4     0 96  1   tunnel 2617 2    0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.16   192.168.210.203 17   53    47276  1/4     0 96  1   tunnel 2617 e    0      0      FYI
                                                  0/0     0 0   0   local                         
207.172.11.15   192.168.210.203 17   53    45076  1/4     0 96  2   tunnel 2617 13   0      0      FYI
                                                  0/0     0 0   0   local                         
192.168.210.203 207.172.11.15   17   30412 53     1/2     0 96  1   tunnel 2617 16   418    d0bf   FCI
                                                  0/0     0 0   0   local                         
192.168.210.203 207.172.11.16   17   28434 53     1/2     0 96  1   tunnel 2617 4    418    d0bf   FCI
                                                  0/0     0 0   0   local                         
192.168.210.203 207.172.11.16   17   7799  53     1/2     0 96  0   tunnel 2617 11   418    d0bf   FCI
                                                  0/0     0 0   0   local                         
192.168.210.203 207.172.11.15   17   1699  53     1/2     0 96  0   tunnel 2617 13   418    d0bf   FCI
                                                  0/0     0 0   0   local                 

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: Captive Portal fails to launch on Android phones

have you tried to do DNS lookups with an app which allows this? do they resolve? if not, might it be an idea to test with different DNS servers, perhaps the public ones from google? beyond that you might want to capture at the DNS server side to check for anything odd. it is weird this just happens on android, does it happens on all android devices?

Occasional Contributor I
Posts: 9
Registered: ‎12-13-2012

Re: Captive Portal fails to launch on Android phones

Boneyard,

 

Thanks for your response. Some Android devices work fine others don't. I'll gather more information from the users to determine the Android OSes that are failing to load the Captive Portal and do some further testing.

Guru Elite
Posts: 21,031
Registered: ‎03-29-2007

Re: Captive Portal fails to launch on Android phones

Just4now88 if this is critical, please open a support case asap to get this troubleshot in parallel since the solution could be very involved and depend on personal information that cannot be shared in this forum.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Regular Contributor II
Posts: 219
Registered: ‎10-09-2009

Re: Captive Portal fails to launch on Android phones

I have had the same issue with iOS 6 devices. TAC could not figure it out.  I would like to know what TAC says to this issue.

Search Airheads
Showing results for 
Search instead for 
Did you mean: