Security

Reply
Occasional Contributor II

Internal Captive Portal

hello,

i have an aruba mobility controller with ClearPass Policy manager. we configured a number of SSIDs that uses captive portals from the CPPM. however, we needed an SSID that uses the controller's internal captive portal. se we have left the default configuration of the captive portal profile for this SSID.

Capture.PNG

the problem is that the SSID redirects the clients to the CPPM welcome page.

sa.PNG

Securelogin.arubanetworks.com redirects me to the Clearpass. can you please help me.

 

 

 

Aruba Employee

Re: Internal Captive Portal

Hi Saleem,

 

Please provide me the following information:

 

1. What is the role assigned to the client when it connects to the SSID ?

2. Does this role has the correct captive portal profile (internal captive portal) mapped to it?

 

Please share the name of the captive portal profile which uses internal page & the following output.

 

1. Aruba# show rights <name of the role assigned to the client>

 

Client will get the portal page based upon the captive portal profile mapped to the role that it gets.

 

We need to ensure that the role has the correct profile mapped. In case, you are using the ssame role for different SSID's that will cause a conflict.

 

Occasional Contributor II

Re: Internal Captive Portal

Attached the results of the requisted command.

thank you

Guru Elite

Re: Internal Captive Portal

A user would get that page if the https page in the Captive Portal Authentication Profile (on the controller) is pointing at the admin page of ClearPass, instead of a guest page.  It looks like the guest is being redirected to the admin page, or the path to the guest page has been entered wrong.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Internal Captive Portal

the question is, why does "securelogin.arubanetworks.com" points to the clearpass and not the controller ? thats what really needs to be answered

Aruba Employee

Re: Internal Captive Portal

Hi Saleem,

 

Please share the results for the following :

 

1. show aa authentication captive-portal Test-cp_prof

2. What is the result of nslookup to securelogin.arubanetworks.com when the user is placed in

Test-Logon role.

3. Did you made changes to default Captive portal ACL's ?

 

The following ACL's are the default ones.

 

captiveportal
-------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user controller svc-https dst-nat 8081 Low 4
2 user any svc-http dst-nat 8080 Low 4
3 user any svc-https dst-nat 8081 Low 4
4 user any svc-http-proxy1 dst-nat 8088 Low 4
5 user any svc-http-proxy2 dst-nat 8088 Low 4
6 user any svc-http-proxy3 dst-nat 8088 Low 4

 

Please check the ACL's which are hit when you get redirected to CPPM page :

 

show acl hits role <name of role>

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: