05-27-2014 01:14 PM
I saw the topic How does captive portal authentication really work with ClearPass Guest? But I need to know how does captive portal authentication works with builtin configuration.
Other question: Does it need the controller have an IP address of the guest network to work the captive portal?
Solved! Go to Solution.
05-27-2014 01:20 PM
So, first off is YES you do need to have an IP on the guest's network. This is because the controller will use this to proxy a http/https request from the client to present the captive portal. Whether it is external (Clearpass) or internal on the controller, the process is similar.
See this document for the overview - http://www.arubanetworks.com/vrd/GuestAccessAppNot
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
05-27-2014 01:30 PM - edited 05-27-2014 02:08 PM
Basically this, but crucially DNS must be working for you to get the captive portal.
- client opens browser and does a dns lookup for whatever site.
- response received from dns.
- Then client opens http to site.
- controller hijacks the http and sends a http-redierect back to client which says "site has moved to securelogin.arubanetworks.com".
- client does a dns lookup for securelogin.arubanetworks.com
- controller spoofs the response and gives it's own address.
- client opens http to controller and captive portal is presented.
It's neat to see it in action if you can get a wireshark capture of the whole process.
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACMP, ACMX #294