Security

Reply
Occasional Contributor II
Posts: 17
Registered: ‎01-17-2013

Captive Portal redirect to master

Hi

We have a master controller and a local controller. The local controller is located on a remote site. There are no access points terminated on the maste controller. We have a guest ssid which users connect to and get redirected to the captive portal login page. The portal page displayed is the page from the local controller. What we want though, is to have the users redirected to the captive portal page on the master controller. Is this possible?

I though changing the cp-redirect-address on the local controller to the ip address of the master would work but this does not make any difference. We will be rolling out additional local controllers, so want to save some effort and have a custom portal page on the master controller only.

Thanks in advance for any help.

 

Roy

Guru Elite
Posts: 20,585
Registered: ‎03-29-2007

Re: Captive Portal redirect to master

You cannot redirect local users to a page on the master, no.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 17
Registered: ‎01-17-2013

Re: Captive Portal redirect to master

Thanks for the reply. However, after much tearing of hair out, I did eventually get this to work.

 

Here is what I did.

 

On the logon user role, I applied these rules:

ip access-list session cp-guest
  alias NW-Guest   alias masterswitch svc-https  dst-nat 8081
  alias NW-Guest any svc-http  dst-nat 8080
  alias NW-Guest any svc-https  dst-nat 8081

One the guest auth role, I applied these rules:

ip access-list session captiveportal
  any   alias masterswitch svc-https  redirect tunnel 800
  any any svc-http-proxy1  redirect tunnel 800
  any any svc-http-proxy2  redirect tunnel 800
  any any svc-http-proxy3  redirect tunnel 800
  any any svc-http  redirect tunnel 800
  any any svc-https  redirect tunnel 800

 

What appears to happen, is that the client connects to the guest ssid on the AP attached to the Local controller. The traffic is then redirected through the GRE tunnel. As the logon role is used by the GRE tunnel connection, restricting the source to the guest network prevents other users from unnecessarily accessing the captive portal. When the client opens a browser, the CP hijack kicks in and the Master controller captive portal login page appears. The user can then login normally and access the Internet as expected.

 

I need to carry out more tests, to confirm these changes have not messed up anything else but initial tests do look promising.

 

Roy

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: