Security

Reply
Contributor I
Posts: 69
Registered: ‎08-30-2011

Want to stop web redirect

Dear Expert

 

My customer uses captive portal authentication on 3600.

Authentication log in page is displayed when http packets are detected by the controller.

But we stop this web redirect because it affects load to the controller temporally.

Instead, the customer wants to put server’s ip address manually on their PC and display authentication page manually.

Can we stop this web redirect on the controller?

Actually they use the authentication by wired, not wireless.

 

Best Regards

MVP
Posts: 507
Registered: ‎05-11-2011

Re: Want to stop web redirect

 

Just to clearify..

Do you want to prevent the controller to show the Captive Portal? 

Or to prevent the redirect that happens after authentication to the original webpage the user wanted to go?

And - do you have performance issues on the Controller since you want this?

 

 

..John


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Contributor I
Posts: 69
Registered: ‎08-30-2011

Re: Want to stop web redirect

John

Appreciate your quick response.

 

>>Do you want to prevent the controller to show the Captive Portal?

 

Yes, I want the controller not to show the captive portal log in page.

 

>>And - do you have performance issues on the Controller since you want this?

 

That is becase we have performance issue. Some clietns create many https for some reaosnse and now the controller redirect all those packets, therefore they recieve much load. I want to prevent this ASAP on controller side.

 

Regards

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Want to stop web redirect

In the initial role, you should have an ACL that looks something like:

 

any any svc-http dst-nat

any any svc-https dst-nat

 

If you remove those rules, the controller won't automatically intercept http/https requests.  You would have to use the URL "securelogin.arubanetworks.com/auth/index.html" (if you use a custom cert, change "securelogin.arubanetworks.com" to the device name in your cert) to get the client to view the captive portal page.

 

You will also have to add a rule that allows the user to talk to the controllers "controller-ip" so that the page can be displayed.  You can get the controller-ip from the command "show controller-ip", assuming you are running a fairly new ArubaOS.

Contributor I
Posts: 69
Registered: ‎08-30-2011

Re: Want to stop web redirect

Olio

thanks,

 

>>a rule that allows the user to talk to the controllers "controller-ip" so that the page can be displayed.

 

If clients are different subnet for controller-ip, let's say what rules should I add? Do I have routing?

 

Regards

naka39

Aruba Employee
Posts: 664
Registered: ‎04-15-2009

Re: Want to stop web redirect

In the pre-login role, add these rules:

 

any host x.x.x.x svc-http dst-nat

any host x.x.x.x svc-https dst-nat

 

x.x.x.x = the IP address of the controller from "show controller-ip".

 

That way, when you put in the URL in the client browser, you can do http://x.x.x.x (same IP as above) and the client should be redirected to the login page.  If you put http://www.google.com (or any other URL) in the browser, you should NOT get the login page.

Contributor I
Posts: 69
Registered: ‎08-30-2011

Re: Want to stop web redirect

[ Edited ]
Olino Thanks a lot ! It makes me clear. I will try those config. Regards naka39
Search Airheads
Showing results for 
Search instead for 
Did you mean: