Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Internal Captive Portal

This thread has been viewed 17 times

  • 1.  Internal Captive Portal

    Posted Jun 12, 2016 09:12 AM

    hello,

    i have an aruba mobility controller with ClearPass Policy manager. we configured a number of SSIDs that uses captive portals from the CPPM. however, we needed an SSID that uses the controller's internal captive portal. se we have left the default configuration of the captive portal profile for this SSID.

    Capture.PNG

    the problem is that the SSID redirects the clients to the CPPM welcome page.

    sa.PNG

    Securelogin.arubanetworks.com redirects me to the Clearpass. can you please help me.

     

     

     



  • 2.  RE: Internal Captive Portal

    Posted Jun 13, 2016 04:45 AM

    Hi Saleem,

     

    Please provide me the following information:

     

    1. What is the role assigned to the client when it connects to the SSID ?

    2. Does this role has the correct captive portal profile (internal captive portal) mapped to it?

     

    Please share the name of the captive portal profile which uses internal page & the following output.

     

    1. Aruba# show rights <name of the role assigned to the client>

     

    Client will get the portal page based upon the captive portal profile mapped to the role that it gets.

     

    We need to ensure that the role has the correct profile mapped. In case, you are using the ssame role for different SSID's that will cause a conflict.

     



  • 3.  RE: Internal Captive Portal

    Posted Jun 13, 2016 05:41 AM
      |   view attached

    Attached the results of the requisted command.

    thank you

    Attachment(s)

    txt
    show_rights_ Test-logon_output.txt   7 KB 1 version


  • 4.  RE: Internal Captive Portal

    EMPLOYEE
    Posted Jun 13, 2016 07:18 AM

    A user would get that page if the https page in the Captive Portal Authentication Profile (on the controller) is pointing at the admin page of ClearPass, instead of a guest page.  It looks like the guest is being redirected to the admin page, or the path to the guest page has been entered wrong.



  • 5.  RE: Internal Captive Portal

    Posted Jun 13, 2016 07:38 AM

    the question is, why does "securelogin.arubanetworks.com" points to the clearpass and not the controller ? thats what really needs to be answered



  • 6.  RE: Internal Captive Portal

    Posted Jun 13, 2016 09:23 AM

    Hi Saleem,

     

    Please share the results for the following :

     

    1. show aa authentication captive-portal Test-cp_prof

    2. What is the result of nslookup to securelogin.arubanetworks.com when the user is placed in

    Test-Logon role.

    3. Did you made changes to default Captive portal ACL's ?

     

    The following ACL's are the default ones.

     

    captiveportal
    -------------
    Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
    -------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
    1 user controller svc-https dst-nat 8081 Low 4
    2 user any svc-http dst-nat 8080 Low 4
    3 user any svc-https dst-nat 8081 Low 4
    4 user any svc-http-proxy1 dst-nat 8088 Low 4
    5 user any svc-http-proxy2 dst-nat 8088 Low 4
    6 user any svc-http-proxy3 dst-nat 8088 Low 4

     

    Please check the ACL's which are hit when you get redirected to CPPM page :

     

    show acl hits role <name of role>