Security

Reply
MVP

ClearPass Guest Captiveportal Redirect Incorrectly

We has been opened guest, but now I need to deploy ClearPass guest in hospital for a marketing purpose. Everything seems to work correctly except this one:
I create a Web Logins in ClearPass Guest, when I click Test it works correctly, the page address is:
http://cp01.lab.net/guest/test.php
However, when a user connect to guest ssid, the page redirects to:
http://172.18.1.1cp01.lab.net/guest/test.php
Where 172.18.1.1 is the controller IP address. If I remove 172.18.1.1 from the link, it works.
How can I fix this Captive portal redirection?
My AOS 6.4.2.8, CPPM 6.5.1.72346, and I use default securelogin.arubanetworks.com
My captive portal:

(aruba-master) #show aaa authentication captive-portal Test

Captive Portal Authentication Profile "Test"
--------------------------------------------
Parameter                                          Value
---------                                          -----
Default Role                                       guest
Default Guest Role                                 guest
Server Group                                       RADIUS
Redirect Pause                                     10 sec
User Login                                         Enabled
Guest Login                                        Disabled
Logout popup window                                Enabled
Use HTTP for authentication                        Enabled
Logon wait minimum wait                            5 sec
Logon wait maximum wait                            10 sec
logon wait CPU utilization threshold               60 %
Max Authentication failures                        0
Show FQDN                                          Disabled
Authentication Protocol                            PAP
Login page                                         cp01.lab.net/guest/test.php
Welcome page                                       /auth/welcome.html
Show Welcome Page                                  No
Add switch IP address in the redirection URL       Disabled
Adding user vlan in redirection URL                Disabled
Add a controller interface in the redirection URL  N/A
Allow only one active user session                 Disabled
White List                                         N/A
Black List                                         N/A
Show the acceptable use policy page                Disabled
User idle timeout                                  N/A
Redirect URL                                       N/A
Bypass Apple Captive Network Assistant             Disabled
URL Hash Key                                       N/A

Thanks,

~Trinh Nguyen~
Boys Town

Re: ClearPass Guest Captiveportal Redirect Incorrectly

Check the initial role that the user is getting assigned and verify that the Captive portal profile is the correct one 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP

Re: ClearPass Guest Captiveportal Redirect Incorrectly

Thanks for reply. The logon is correct captiveportal profile:

(aruba-master) #show rights Test-logon

Derived Role = 'Test-logon'
 Up BW:No Limit   Down BW:No Limit
 L2TP Pool = default-l2tp-pool
 PPTP Pool = default-pptp-pool
 Periodic reauthentication: Disabled
 DPI Classification: Enabled
 Web Content Classification: Enabled
 ACL Number = 104/0
 Max Sessions = 65535

 Check CP Profile for Accounting = TRUE
 Captive Portal profile = Test

Application Exception List
--------------------------
Name  Type
----  ----

Application BW-Contract List
----------------------------
Name  Type  BW Contract  Id  Direction
----  ----  -----------  --  ---------

access-list List
----------------
Position  Name                   Type     Location
--------  ----                   ----     --------
1         global-sacl            session
2         apprf-Test-logon-sacl  session
3         CCPM                   session
4         logon-control          session
5         captiveportal          session

......

 

 

 

~Trinh Nguyen~
Boys Town

Re: ClearPass Guest Captiveportal Redirect Incorrectly

Can you confirm that the user is getting that initial role ?

show user-table | include <mac address>
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP

Re: ClearPass Guest Captiveportal Redirect Incorrectly

Yes, confirm.  User connects and gets initial role Test-logon, and redirects to captiveportal Test.

If I change the captiveportal login page to controller default /auth/index.html, it works.

This is my Web login:

  Capture.PNG

~Trinh Nguyen~
Boys Town

Re: ClearPass Guest Captiveportal Redirect Incorrectly

Everything looks good, this is odd

Try a couple of things:
- Change the URL in the Captive portal profile to reflect the IP of CPPM instead of the DNS name and see what happens
- Try recreating the a Captive portal profile and add whitelist CPPM and remove it from the ACL from the user-role
- Run the packet capture and see what's going on there
- Try another browser
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP

Re: ClearPass Guest Captiveportal Redirect Incorrectly

After multiple attempts I found the solution. It is quite simple:

 

In my Captive portal profile check this line:

Login page   cp01.lab.net/guest/test.php

Change to

Login page    http://cp01.lab.net/guest/test.php

Problem SOLVED!

Many thanks to Victor for your helps

~Trinh Nguyen~
Boys Town

Re: ClearPass Guest Captiveportal Redirect Incorrectly

haha good catch i def missed it
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: