04-15-2013 10:54 AM
My school uses a captive portal from Aruba Networks in order to allow access to the internet by students who are knowledgeable of the password. Unfortunately, running Mac OS X 10.8.3, I am unable to gain access to the login page on Google Chrome, instead I must login using Firefox and even then certain websites including all websites using the domain google.com will not load. Instead, they attempt to load for some time, but after several minutes an error message is produced saying the connection has timed out. Other websites such as tumblr.comwork just as they should.
What I usually do is restart the computer and when I sign back in, the wifi connection is still intact and now all websites work with Chrome. However, without restarting, simply logging out of the system user proves futile.
Is there any way that I can resolve this problem and access the portal from Chrome rather than having to repeat all of these processes at least three times daily?
Any help would be greatly appreciated.
04-15-2013 12:31 PM
That definitely works. Please lodge your complaint with the IT department so that they can get it fixed...whatever the problem is.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
04-16-2013 07:26 AM
You could try launching chrome with the command-line switch:
12-06-2013 03:08 PM
I encountered the captive portal problem with MAC OS 10.8.5 with Aruba OS 22.214.171.124, and resolved the problem as shown below:
Controller = Aruba 3400
MAC OS X 10.8.5 12F45, Safari 6.0.5
Default certificate in Aruba 3400 (OS 126.96.36.199) was expired on 11/21/2013.
Therefore, we purchased Verisign Server Certificate, and uploaded the server certificate for Captive Portal.
Yesterday, we experienced a problem.
MAC OS X 10.8.5 12F45, Safari 6.0.5 could not get Captive Portal Login screen.
I researched Airheads and other web, and figure out two requirements to make MAC OS X work for Captive Portal with OS 188.8.131.52.
1. MAC OS X client requires to access us-courier.push-apple.com, cn1.redswoosh.akadns.net, e3191.dscc.akamaiedge.net, and other Apple.com related website PRIOR to the CaptivePortal Login screen.
2. Refer to the Airheads post shown below, purchased server certificate should include intermediate-Trust CA and Root Trust CA, to make MAC OS X work.
Actions for 1
I captured a packet trace by selecting MAC OS X laptop by wireless MAC address.
From Controller UI, Monitoring -> Controller -> Clients. Enter the MAC address and click on Search.
Click on the radio button to choose the laptop and click on Packet Capture.
Enter the IP address of target pc (The pc which has Aruba version of Wireshark installed) and match the captured-packet transport UDP Port (Default 5555) with Aruba-Version of Wireshark in the target pc. Click Start to start captured-packet transfer.
On target pc, start Aruba-version of Wireshark with UDP-5555 Interface selected.
(Note: To make above Packet Capture work, you need to add one policy in ap-acl, so that UDP Packet 5555 can go through from AP to Ethernet LAN.
ip access-list session ap-acl
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-http permit
user any svc-http-accl permit
user any svc-smb-tcp permit
user any svc-msrpc-tcp permit
user any svc-snmp-trap permit
user any svc-ntp permit
user alias controller svc-ftp permit
any any udp 5555 5556 permit <== Add this policy
What you can see in the Wireshark trace is IEEE 802 and LLC Packets. When LLC Header is attached, Wireshark does not decode IP and TCP Header after the LLC Header. For my case, IP Header (Starts from x'45') is at x'0024' in the packet, and source/destination IP addresses are at x'0030-0033' (Source IP) and x'0034-0037'(Destination IP). For example, if you can read x'0034-0035' as x'0a 0b 0c 0d', the destination IP address is "10.11.12.13".
I created a policy APPLE and added those IP subnets:
ip access-list session APPLE
user network 184.108.40.206 255.255.0.0 svc-http permit
user network 220.127.116.11 255.255.0.0 svc-http permit
user network 18.104.22.168 255.255.0.0 svc-https permit
user network 22.214.171.124 255.255.0.0 svc-https permit
user network 126.96.36.199 255.255.0.0 svc-http permit
user network 188.8.131.52 255.255.0.0 svc-https permit
user network 184.108.40.206 255.255.0.0 svc-http permit
user network 220.127.116.11 255.255.0.0 svc-https permit
user network 18.104.22.168 255.255.0.0 svc-http permit
user network 22.214.171.124 255.255.0.0 svc-https permit
user network 126.96.36.199 255.255.0.0 svc-http permit
user network 188.8.131.52 255.255.0.0 svc-https permit
And apply this APPLE policy in guest-logon as shown below. logon-control assigns DHCP IP Address, thefore I think APPLE policy should be after logon-control and before captiveportal.
Apply and Save configuration.
Actions for 2
I included Intermediate-CA and Root-Trust CA after the purchased certificate.
The trust structure of the certificate is:
Verisign (Root Trust CA)
verisign class3 Secure Server CA G3 (Intermediate CA)
xxxxx.xxxxx.xxxxxx (Purchased Certificate)
and I placed those three certificate on Wordpad, and saved it with xxxx.cer filename.
verisign class3 Secure Server CA G3 certificate
On Controller UI screen, Configuration - Management - Certificates, upload certificate shown below:
Certificate name :
Certificate Format PEM
After the certificate is uploaded, switch this certificate for CaptivePortal.
With this Action 1 and Action 2, despite of the 184.108.40.206 controller level, Captive portal worked with MAC OS X 10.8.5 12F45 and