Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Guest Captive Portal and DNS Cache

This thread has been viewed 2 times

  • 1.  Guest Captive Portal and DNS Cache

    Posted Jul 13, 2017 02:22 PM

    Suggestions on a workaround.


    Problem:

    Users not receiving captive portal page if previous browser session open and reassociating to guest network.

     

    Scenario:

    User initially associates to Guest network. They receive the captive portal, and can authenticate (or accept user terms). Guest disconnects, or leaves, and user table entry times out; however, they do not close their browser.

    User returns and associates again. Place in initial role for guest (guest-logon); however, they are not provided the captive portal.

     

    We think the DNS entry (e.g., Google.com) is being cached, and therefore the traffic is not hitting the captive portal rule. If this is the case, then this would be a client adjustment and nothing to be done on the wireless infrastructure side.

    If not, I'm not sure what should/could be done to force the CP on the client. The rules seem to be correct (just copied default and added rule to allow HTTP/HTTPS to the clearpass server.

     

    Any suggestions/comments/input?



  • 2.  RE: Guest Captive Portal and DNS Cache

    EMPLOYEE
    Posted Jul 13, 2017 02:25 PM

    They need to navigate to an HTTP page. Chances are the page they have up is HTTPS.



  • 3.  RE: Guest Captive Portal and DNS Cache

    Posted Jul 13, 2017 02:30 PM

    Can you elaborate. Should the policies in the user role catch redirect whether it is HTTP or HTTPS?



  • 4.  RE: Guest Captive Portal and DNS Cache

    EMPLOYEE
    Posted Jul 13, 2017 02:46 PM

    It will catch HTTPS, but the user will receive a certificate warning.