Security

Reply
Contributor I
Posts: 48
Registered: ‎01-19-2011

Trouble getting external captive portal redirect to work

So I'm setting up a test guest network.  I just want to get to the redirect first, then figure the rest out later.

 

- I have 2x 7240's and 2x 7220's.  No other Aruba devices.

- Basic SSID protected by wpa2-psk at the moment (during test).

- Users hop on to an already exisiting VLAN from another VAP that's working.

- Spun up a packetfence box that'll do the external captive portal work.

 

From the only guide I found here is what I created so far:

 

New L3 Captive Portal Auth -> Only things I changed is set default role and defaul guest role to the captive-portal role).  Disabled User and Guest login.  For login page - pointed it http://<packetfence box>/ and disabled welcome page.  

 

New guest-cp role - applied captive portal L3 to it.  Only allowing DNS/ DHCP/ and 80+443 to the packetfence IP.

 

New guest (post-cp) role but that doesn't matter for now as I jsut want to get TO the packetfence box.

 

Finally, new AAA auth profile - default psk for 802.1x for the temp wpa2-psk and then for all 3 types of roles (initial, mac default, and 802.1x default) all set to guest-cp role as explained above.

 

My understanding is that's all I should really need under one new VAP for user to hop on, get an IP, go to the browser - type in anything but only get redirect to packetfence.  

 

But watching the browser using dev tools I don't see the redirect come through at all. 

 

Any guides by Aruba or another user would be greatly appreciated.  And or any help trying to get through this part.

 

I followed this guide without the NAT portions or the XMP-API part as I'm not even there yet...

https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-124

 

Thanks in advance!

Guru Elite
Posts: 8,040
Registered: ‎09-08-2010

Re: Trouble getting external captive portal redirect to work

Do you have an IP address set on the user VLAN on the controller? This is required for the redirected (dst-nat) to work.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 48
Registered: ‎01-19-2011

Re: Trouble getting external captive portal redirect to work

Just realized I accidently created this under the Clearpass category.  Reposting under the ArubaOS category.

Contributor I
Posts: 48
Registered: ‎01-19-2011

Re: Trouble getting external captive portal redirect to work

Guess I'll just keep responding here.

 

I saw that same solution under a few different posts... but I don't think I'm understanding it.

 

The VLAN the user first gets assigned to is a dhcp network with public IP addresses. The Packetfence box is on another network with a public facing IP as well.  What is the dst-nat I'm supposed to be setting?  Sorry, total noob here.

Guru Elite
Posts: 8,040
Registered: ‎09-08-2010

Re: Trouble getting external captive portal redirect to work

But does the controller have an address in that subnet?

Ex:
interface vlan
ip address 1.2.3.4 255.255.255.0

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor I
Posts: 48
Registered: ‎01-19-2011

Re: Trouble getting external captive portal redirect to work

Oh I get it, no it does not.  Dang, gotta rethink how that's done then. 

 

Thanks a bunch for your help.  Is there a part of a VRD or something Im missing on setting this up or is the guide I posted pretty much it?

 

Thanks!

Search Airheads
Showing results for 
Search instead for 
Did you mean: