Security

I have recently resolved an issue with users unable to resolve the captive portal address, and pretty much stumbled across this.

We had a captive portal which was working perfectly fine, and we updated our SSL certificate and this suddenly stopped working.  After weeks of troubleshooting this and not finding any issues, we decided to create a test SSID and enable the captive portal on this, which meant we had to change the ip-cp-redirect-address command to the VLAN IP of the controller.

This then sprung into life, and we could resolve the captive portal on the test SSID, we then moved the configuration back to how it originally was and this is now also working...

Has anyone came across any issues where you had to re-enter configuration into a controller for something to work?

mayoung85,

Did you look into a possible OCSP issue?  http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/OCSP-captive-portal-issues-apple-laptops-amp-firefox/m-p/82456/highlight/true#M3201

I don't know about having to re-enter commands for something to work.

cjoseph,

We tried it on a wide range of devices, iPhones, Android phones, W7 clients running IE and chrome.

All with the same issue.  It seem to not like to resolve the new address for the captive portal.  We even configured a static DNS entry on a Windows machine to point at the internal IP address of the controller and this worked for the captive portal to resolve.

Did you at least see the fqdn from the new certificate populate the browser and attempt to resolve?  Since you no longer have the issue it is difficult to go back and replicate what happened, so we might not be able to get to the bottom of this.

Yeah, this went from the default securelogin.aruba... to aruba.ourdomain...

Yeah, it's quite difficult to troubleshoot now it's resolved but I was thinking someone may have came across such issues.

We have had this issue again today, and changing this address again has resolved the issue.

Definitely sounds like a bug.  I've attached the tech support file from when this wasn't working and also now that it is.

Here is the controller details:

ArubaOS (MODEL: Aruba6000), Version 5.0.3.3

We are looking to upgrade this to 6.3, we are just waiting for a time we can do this by the customer as this is used as a master controller for several other sites.

5.0.3.3 is from 2011, so it is definitely possible this issue has been fixed in a future release.  It would not hurt to check with TAC to see if it is fixed.

The best advice is to first upgrade them to the latest 5.x (5.0.4.15 at this time) to see if it fixes the issue and to minimize your variables.

Yeah, I've got a ticket raised with TAC but they couldn't seem to find an issue.

Guess we will never get to the bottom of this without upgrading.

Thanks for your help cjoseph