Guest Captive Portal and DNS Cache

DLC_XZ1F06 · ‎09-21-2016

Suggestions on a workaround.

Problem:

Users not receiving captive portal page if previous browser session open and reassociating to guest network.

Scenario:

User initially associates to Guest network. They receive the captive portal, and can authenticate (or accept user terms). Guest disconnects, or leaves, and user table entry times out; however, they do not close their browser.

User returns and associates again. Place in initial role for guest (guest-logon); however, they are not provided the captive portal.

We think the DNS entry (e.g., Google.com) is being cached, and therefore the traffic is not hitting the captive portal rule. If this is the case, then this would be a client adjustment and nothing to be done on the wireless infrastructure side.

If not, I'm not sure what should/could be done to force the CP on the client. The rules seem to be correct (just copied default and added rule to allow HTTP/HTTPS to the clearpass server.

Any suggestions/comments/input?

cappalli · ‎09-08-2010

They need to navigate to an HTTP page. Chances are the page they have up is HTTPS.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

DLC_XZ1F06 · ‎09-21-2016

Can you elaborate. Should the policies in the user role catch redirect whether it is HTTP or HTTPS?

cappalli · ‎09-08-2010

It will catch HTTPS, but the user will receive a certificate warning.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Innovate at the speed of mobile and IoT.

Be in the know.

Join, Learn, Share.

How can we help?

Essential Reading.

Ideas Exchange.

Security

Guest Captive Portal and DNS Cache

Re: Guest Captive Portal and DNS Cache

Re: Guest Captive Portal and DNS Cache

Re: Guest Captive Portal and DNS Cache

Encrypting Guest traffic

Step-by-Step: How to Configure Microsoft IAS Radius Server from Scratch

limiting the number of device s a user can have

MDAC Issues - Failed association

Aruba support LEAP?

Creative Configurations

Aruba Deployment with Firewalls

Remote AP

ap uptime

COTD: Configuring ARM scanning for any client type

WPA-PSK and VLAN assignment via MAC address

ICMP Type and Code Filtering

Remove wireless profiles on Windows XP machines

Rolling out 802.1x with GTC

Making DHCP mandatory on Aruba WLAN

ClearPass Downloads

Aruba Instant 6.4.2.6-4.1.1.11 Released 11/27/2015

Aruba Instant 6.4.2.6-4.1.1.10 Released 9/28/15

Re: ArubaOS Downloads

Aruba Mobility Controllers

Remote AP Networks

Indoor 802.11n Site Survey and Planning

Base Designs Lab Setup for Validated Reference Design

Optimizing Aruba WLANs for Roaming Devices

Security

Guest Captive Portal and DNS Cache

Re: Guest Captive Portal and DNS Cache

Re: Guest Captive Portal and DNS Cache

Re: Guest Captive Portal and DNS Cache

Follow Us