Occasional Contributor I
Posts: 5
Registered: ‎07-03-2014

Guest network with proxy

Hello,

I have a hard time getting a guest network with login page working right. This particular network has a proxy server that all web traffic must go through. The proxy information is automatically set up with a .pac file downloaded from a web server on the internal network. The problem is that the guest network is a layer 3 VLAN existing only up to the controller (172.16.44.1/24) with the internal DHCP server. I've put the right option in the DHCP setup and the clients receive the .PAC file correctly the first time, but if I disconnect the client and reconnect, the login page never comes back and I can't browse anywhere. Is there something to check for in the .PAC file to make it work?

Thank you!

Aruba
Posts: 1,636
Registered: ‎04-13-2009

Re: Guest network with proxy

What proxy port are you forcing your clients to within the .pac file? Can you share the file contents? Also, share the results of the following:

show rights <name-of-captive-portal-role>

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 5
Registered: ‎07-03-2014

Re: Guest network with proxy

Hello,

Here is the content of the .pac file:

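function FindProxyForURL(url, host) {
    // Plain host names, the internal domain, and 10.x / loopback destinations bypass the proxy
    if (isPlainHostName(host) ||
        shExpMatch(host, "*.mydomain.com") ||
        isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
        isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
        return "DIRECT";
    else
        // Everything else goes to the proxy on TCP 8080
        return "PROXY myproxy.mydomain.com:8080";
}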

And here is the show rights guest-logon:

Derived Role = 'guest-logon'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Periodic reauthentication: Disabled
ACL Number = 6/0
Max Sessions = 65535

Check CP Profile for Accounting = TRUE
Captive Portal profile = Invite-cp_prof

access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 guests-logon-access session
2 captiveportal session
3 block-internal-net session

guests-logon-access
-------------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 user any udp 68 deny Low 4
2 any any svc-dhcp permit Low 4
3 user internal-DNS svc-dns src-nat Low 4

captiveportal
-------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 user 10.134.229.17 svc-http permit Low 4
2 user 10.128.27.124 svc-http permit Low 4
3 user controller svc-https dst-nat 8081 Low 4
4 user any svc-http dst-nat 8080 Low 4
5 user any svc-https dst-nat 8081 Low 4
6 user any svc-http-proxy1 dst-nat 8088 Low 4
7 user any svc-http-proxy3 dst-nat 8088 Low 4

block-internal-net
------------------
Priority Source Destination Service Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6
-------- ------ ----------- ------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------
1 user internal-net any deny Low 4

Expired Policies (due to time constraints) = 0

The 10.128.27.124 address is the web server hosting the .pac file.


Thank you!

[daniel_paquet-fr]
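Added example, not part of the thread and not Aruba code: an offline harness that runs the posted PAC logic and reports the host:port a client would actually open a TCP connection to, which is what the pre-authentication role's ACLs have to match. The helper stand-ins, `DNS_TABLE`, the test URLs and `connectionSeenByNetwork` are assumptions made for illustration.

```javascript
// Stand-ins for the browser's PAC helpers so the logic runs offline.
// DNS_TABLE is constructed sample data, not taken from the thread.
const DNS_TABLE = {
  "app.internal.example": "10.20.30.40",
  "www.example.org": "93.184.216.34",
};
function dnsResolve(host) {           // null when the name does not resolve
  return Object.prototype.hasOwnProperty.call(DNS_TABLE, host) ? DNS_TABLE[host] : null;
}
function isPlainHostName(host) { return host.indexOf(".") === -1; }
function shExpMatch(str, pattern) {   // shell glob: * = any run, ? = one char
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
                    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function ipToInt(ip) {
  return ip.split(".").reduce((acc, o) => ((acc << 8) | parseInt(o, 10)) >>> 0, 0);
}
function isInNet(ip, net, mask) {
  if (!ip) return false;              // an unresolved host matches no network
  const m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(net) & m) >>> 0);
}

// PAC logic as posted in the thread (opening brace supplied).
function FindProxyForURL(url, host) {
  if (isPlainHostName(host) ||
      shExpMatch(host, "*.mydomain.com") ||
      isInNet(dnsResolve(host), "10.0.0.0", "255.0.0.0") ||
      isInNet(dnsResolve(host), "127.0.0.0", "255.255.255.0"))
    return "DIRECT";
  else
    return "PROXY myproxy.mydomain.com:8080";
}

// Hypothetical helper: host:port the client connects to for a given URL.
function connectionSeenByNetwork(url) {
  const u = new URL(url);
  const verdict = FindProxyForURL(url, u.hostname);
  if (verdict !== "DIRECT") return verdict.replace(/^PROXY\s+/, ""); // the proxy itself
  return u.hostname + ":" + (u.port || (u.protocol === "https:" ? "443" : "80"));
}

// Constructed test URLs.
for (const url of ["http://www.example.org/", "http://intranet.mydomain.com/proxy.pac",
                   "https://app.internal.example/", "http://printer/"]) {
  console.log(url.padEnd(40), "->", connectionSeenByNetwork(url));
}
```

Each printed host:port can then be compared with the destinations and services listed in the `show rights` output for the logon role.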