Security

I am deploying free Wi-Fi in a public location.  Our PR department wants a landing page to corporate website.  That is, after a user click on “I ACCEPT”, the browser redirect to a page as designated in captive portal profile “welcome page”.  It works for almost all devices except the Apple iOS.  After user click "I ACCEPT", role changes to "guest", Safari will browse the Internet, but no redirect to corporate landing page.

Any ideas?

My AOS 6.1.2.3

My index.html is from this http://support.arubanetworks.com/ArubaOSKB/tabid/111/Default.aspx

My captive portal profile:

(MASTER) #show aaa authentication captive-portal BTNRHGUEST-CP

Captive Portal Authentication Profile "BTNRHGUEST-CP"

-----------------------------------------------------

Parameter                                     Value

---------                                     -----

Default Role                                  OPENEDGUEST-LOGON

Default Guest Role                            guest

Server Group                                  default

Redirect Pause                                10 sec

User Login                                    Disabled

Guest Login                                   Enabled

Logout popup window                           Disabled

Use HTTP for authentication                   Disabled

Logon wait minimum wait                       5 sec

Logon wait maximum wait                       10 sec

logon wait CPU utilization threshold          60 %

Max Authentication failures                   0

Show FQDN                                     Disabled

Use CHAP (non-standard)                       Disabled

Sygate-on-demand-agent                        Disabled

Login page                                    /upload/custom/BTNRHGUEST-CP/index.html

Welcome page                                  http://www.boystownhospital.org

Show Welcome Page                             No

Add switch IP address in the redirection URL  Disabled

Allow only one active user session            Disabled

Show the acceptable use policy page           Disabled

Regards,

In your Captive Portal profile, why have you set "Show Welcome-Page" as "NO"? It should be YES.

I tried both, that knob made no different to the welcome page

If this is an IOS device, that is probably because the IOS captive portal network assistant, which prevents subsequent redirects.

In your "logon" role you need to permit traffic to *.apple.com so that the captive portal network assistant does not launch.

I tried same setup in my LAB and it worked fine. I used controller on 6.1.3.1. Customize CP + External Welcome page (yahoo.com).

BTW, I did not add apple.com in the logon role but you can give it a shot...

Can you please upgrade the controller to 6.1.3.1 and check?

Regards,

Alap

Thanks both Colin and aalap22.  I am in the process of upgrading to 6.1.3.1.  

Colin, can you be more specific in guest logon role?  I could not do “user host *.apple.com any permit position 2”, so I tried to permit host www.apple.com, 23.33.29.25, and host apple.com 17.149.160.49.  It is probably not a good idea. 

Is it possible to do ACL to allow *.apple.com?

Best Regards,

Trinh Nguyen

You can use this:

config t

ip domain.name test.com

ip name-server 8.8.8.8

ip domain-lookup

netdestination apple

name *.apple.com

After that, you can use the alias "apple" in an ACL to permit traffic.

Safari tried to redirect to welcome page, but error:

"Safari cannon open the page because too many redirects occurred."

It cannot redirect to the page for user to click "I ACCEPT

This is strange: the problem is only at the LOCAL controller.  APs associated to master-controller worked !

It works after upload the customer page "index.html" to every LOCAL CONTROLLERS.

Thanks all for your help!