Security

Reply
MVP
Posts: 286
Registered: ‎11-04-2008

No Authentication Captive Portal with Welcome Page

[ Edited ]

I am deploying free Wi-Fi in a public location.  Our PR department wants a landing page to corporate website.  That is, after a user click on “I ACCEPT”, the browser redirect to a page as designated in captive portal profile “welcome page”.  It works for almost all devices except the Apple iOS.  After user click "I ACCEPT", role changes to "guest", Safari will browse the Internet, but no redirect to corporate landing page.

Any ideas?

My AOS 6.1.2.3

My index.html is from this http://support.arubanetworks.com/ArubaOSKB/tabid/111/Default.aspx

My captive portal profile:

 

(MASTER) #show aaa authentication captive-portal BTNRHGUEST-CP

 

Captive Portal Authentication Profile "BTNRHGUEST-CP"

-----------------------------------------------------

Parameter                                     Value

---------                                     -----

Default Role                                  OPENEDGUEST-LOGON

Default Guest Role                            guest

Server Group                                  default

Redirect Pause                                10 sec

User Login                                    Disabled

Guest Login                                   Enabled

Logout popup window                           Disabled

Use HTTP for authentication                   Disabled

Logon wait minimum wait                       5 sec

Logon wait maximum wait                       10 sec

logon wait CPU utilization threshold          60 %

Max Authentication failures                   0

Show FQDN                                     Disabled

Use CHAP (non-standard)                       Disabled

Sygate-on-demand-agent                        Disabled

Login page                                    /upload/custom/BTNRHGUEST-CP/index.html

Welcome page                                  http://www.boystownhospital.org

Show Welcome Page                             No

Add switch IP address in the redirection URL  Disabled

Allow only one active user session            Disabled

Show the acceptable use policy page           Disabled

 

Regards,


~Trinh Nguyen~
Boys Town
Aruba Employee
Posts: 100
Registered: ‎12-02-2011

Re: No Authentication Captive Portal with Welcome Page

In your Captive Portal profile, why have you set "Show Welcome-Page" as "NO"? It should be YES.

 

MVP
Posts: 286
Registered: ‎11-04-2008

Re: No Authentication Captive Portal with Welcome Page

I tried both, that knob made no different to the welcome page

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 19,991
Registered: ‎03-29-2007

Re: No Authentication Captive Portal with Welcome Page

If this is an IOS device, that is probably because the IOS captive portal network assistant, which prevents subsequent redirects.

 

In your "logon" role you need to permit traffic to *.apple.com so that the captive portal network assistant does not launch.

 

 

 

 

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba Employee
Posts: 100
Registered: ‎12-02-2011

Re: No Authentication Captive Portal with Welcome Page

I tried same setup in my LAB and it worked fine. I used controller on 6.1.3.1. Customize CP + External Welcome page (yahoo.com).

BTW, I did not add apple.com in the logon role but you can give it a shot...

 

Can you please upgrade the controller to 6.1.3.1 and check?

 

Regards,

Alap

 

MVP
Posts: 286
Registered: ‎11-04-2008

Re: No Authentication Captive Portal with Welcome Page

[ Edited ]

Thanks both Colin and aalap22.  I am in the process of upgrading to 6.1.3.1.  

 

Colin, can you be more specific in guest logon role?  I could not do “user host *.apple.com any permit position 2”, so I tried to permit host www.apple.com, 23.33.29.25, and host apple.com 17.149.160.49.  It is probably not a good idea. 

Is it possible to do ACL to allow *.apple.com?

 

Best Regards,

Trinh Nguyen

 

~Trinh Nguyen~
Boys Town
Guru Elite
Posts: 19,991
Registered: ‎03-29-2007

Re: No Authentication Captive Portal with Welcome Page

You can use this:

 

config t

ip domain.name test.com

ip name-server 8.8.8.8

ip domain-lookup

netdestination apple

name *.apple.com

 

 

After that, you can use the alias "apple" in an ACL to permit traffic.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 286
Registered: ‎11-04-2008

Re: No Authentication Captive Portal with Welcome Page

[ Edited ]

 

Safari tried to redirect to welcome page, but error:

"Safari cannon open the page because too many redirects occurred."

It cannot redirect to the page for user to click "I ACCEPT

 

This is strange: the problem is only at the LOCAL controller.  APs associated to master-controller worked !

 

 

~Trinh Nguyen~
Boys Town
MVP
Posts: 286
Registered: ‎11-04-2008

Re: No Authentication Captive Portal with Welcome Page

 

It works after upload the customer page "index.html" to every LOCAL CONTROLLERS.

 

Thanks all for your help!

~Trinh Nguyen~
Boys Town
Search Airheads
Showing results for 
Search instead for 
Did you mean: