Security

Reply
Contributor I

Guest Captive Portal and DNS Cache

Suggestions on a workaround.


Problem:

Users not receiving captive portal page if previous browser session open and reassociating to guest network.

 

Scenario:

User initially associates to Guest network. They receive the captive portal, and can authenticate (or accept user terms). Guest disconnects, or leaves, and user table entry times out; however, they do not close their browser.

User returns and associates again. Place in initial role for guest (guest-logon); however, they are not provided the captive portal.

 

We think the DNS entry (e.g., Google.com) is being cached, and therefore the traffic is not hitting the captive portal rule. If this is the case, then this would be a client adjustment and nothing to be done on the wireless infrastructure side.

If not, I'm not sure what should/could be done to force the CP on the client. The rules seem to be correct (just copied default and added rule to allow HTTP/HTTPS to the clearpass server.

 

Any suggestions/comments/input?

Guru Elite

Re: Guest Captive Portal and DNS Cache

They need to navigate to an HTTP page. Chances are the page they have up is HTTPS.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Guest Captive Portal and DNS Cache

Can you elaborate. Should the policies in the user role catch redirect whether it is HTTP or HTTPS?

Highlighted
Guru Elite

Re: Guest Captive Portal and DNS Cache

It will catch HTTPS, but the user will receive a certificate warning.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: