03-27-2013 05:18 AM
We have a master controller and a local controller. The local controller is located on a remote site. There are no access points terminated on the master controller. We have a guest SSID which users connect to and get redirected to the captive portal login page. The portal page displayed is the page from the local controller. What we want though, is to have the users redirected to the captive portal page on the master controller. Is this possible?
I thought changing the cp-redirect-address on the local controller to the IP address of the master would work but this does not make any difference. We will be rolling out additional local controllers, so want to save some effort and have a custom portal page on the master controller only.
Thanks in advance for any help.
03-27-2013 03:34 PM
You cannot redirect local users to a page on the master, no.
Aruba Customer Engineering
03-28-2013 05:36 AM
Thanks for the reply. However, after much tearing of hair out, I did eventually get this to work.
Here is what I did.
On the logon user role, I applied these rules:
ip access-list session cp-guest
  alias NW-Guest alias masterswitch svc-https dst-nat 8081
  alias NW-Guest any svc-http dst-nat 8080
  alias NW-Guest any svc-https dst-nat 8081
On the guest auth role, I applied these rules:
ip access-list session captiveportal
  any alias masterswitch svc-https redirect tunnel 800
  any any svc-http-proxy1 redirect tunnel 800
  any any svc-http-proxy2 redirect tunnel 800
  any any svc-http-proxy3 redirect tunnel 800
  any any svc-http redirect tunnel 800
  any any svc-https redirect tunnel 800
What appears to happen is that the client connects to the guest SSID on the AP attached to the Local controller. The traffic is then redirected through the GRE tunnel. As the logon role is used by the GRE tunnel connection, restricting the source to the guest network prevents other users from unnecessarily accessing the captive portal. When the client opens a browser, the CP hijack kicks in and the Master controller captive portal login page appears. The user can then log in normally and access the Internet as expected.
I need to carry out more tests to confirm these changes have not messed up anything else, but initial tests do look promising.
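The source scoping described in the last post can be checked mechanically. The following is an added example, not code from the thread or from Aruba: it parses the two posted session ACLs and lists the dst-nat and redirect rules whose source is `any`. It assumes every rule has the layout used in the post (source, destination, one named service, action), and the function names are hypothetical.

```python
# Added example: audit source scoping in the session ACLs posted above.
ADDRESS_ARITY = {"any": 1, "user": 1, "alias": 2, "host": 2, "network": 3}

# The two ACLs from the post, copied verbatim.
POSTED_CONFIG = """\
ip access-list session cp-guest
alias NW-Guest alias masterswitch svc-https dst-nat 8081
alias NW-Guest any svc-http dst-nat 8080
alias NW-Guest any svc-https dst-nat 8081
ip access-list session captiveportal
any alias masterswitch svc-https redirect tunnel 800
any any svc-http-proxy1 redirect tunnel 800
any any svc-http-proxy2 redirect tunnel 800
any any svc-http-proxy3 redirect tunnel 800
any any svc-http redirect tunnel 800
any any svc-https redirect tunnel 800
"""

def take_address(tokens):
    """Consume one source/destination spec; return (spec, remaining tokens)."""
    n = ADDRESS_ARITY.get(tokens[0]) if tokens else None
    if n is None or len(tokens) < n:
        raise ValueError(f"unrecognised address spec: {' '.join(tokens)}")
    return " ".join(tokens[:n]), tokens[n:]

def parse_acls(text):
    """Return {acl_name: [rule dict, ...]}; assumes one-token named services."""
    acls, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[:3] == ["ip", "access-list", "session"] and len(tokens) == 4:
            current = acls.setdefault(tokens[3], [])
            continue
        if current is None:
            raise ValueError(f"rule outside an ACL: {line}")
        src, rest = take_address(tokens)
        dst, rest = take_address(rest)
        if len(rest) < 2:
            raise ValueError(f"missing service or action: {line}")
        current.append({"src": src, "dst": dst, "service": rest[0],
                        "action": " ".join(rest[1:])})
    return acls

def unscoped_rules(acls, actions=("dst-nat", "redirect")):
    """List (acl, rule) pairs that steer traffic while matching any source."""
    return [(name, r) for name, rules in acls.items() for r in rules
            if r["src"] == "any" and r["action"].split()[0] in actions]
```

Run against the posted configuration, `unscoped_rules(parse_acls(POSTED_CONFIG))` returns the six `captiveportal` rules, while all three `cp-guest` rules are bound to `alias NW-Guest`.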