Wireless Access

Reply
mom
Contributor I

AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

Hello!

 

I am working currently with an aruba 7030 controller (AOS  6.5.2.0) and a custom internal captive portal page.

 

All sorts of clients except iOS devices open the CP page automatically after association.
I read a mass of topics but found no solution jet.

 

We have no pefng license.
The controller plays dhcp server, default gateway and dns server is a other device.

 

I've enabled the Apple Captive Network Assistant bypass, as suggested in this article:

http://community.arubanetworks.com/t5/Wireless-Access/Automaticly-open-captive-portal-after-joining-unsecured-wifi/m-p/283980

But this has no affect in my case.

 

DNS lookups are possible in the initial role, i've tested this with nslookup.

 

Initial role befor login:

 

#show rights Gast-cp_prof

Valid = 'Yes'
CleanedUp = 'No'
Derived Role = 'Gast-cp_prof'
Up BW:No Limit Down BW:No Limit
L2TP Pool = default-l2tp-pool
PPTP Pool = default-pptp-pool
Number of users referencing it = 2
Periodic reauthentication: Disabled
DPI Classification: Enabled
Youtube education: Disabled
Web Content Classification: Enabled
IP-Classification Enforcement: Enabled
ACL Number = 69/0
Openflow: Disabled
Max Sessions = 65535

Check CP Profile for Accounting = TRUE
Captive Portal profile = Gast-cp_prof

Application Exception List
--------------------------
Name Type
---- ----

Application BW-Contract List
----------------------------
Name Type BW Contract Id Direction
---- ---- ----------- -- ---------

access-list List
----------------
Position Name Type Location
-------- ---- ---- --------
1 Gast-cp_prof session

Gast-cp_prof
------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user controller6 svc-http captive Low 6
2 user controller svc-http dst-nat 8080 Low 4
3 user any svc-https captive Low 6
4 user any svc-http captive Low 6
5 any any svc-v6-icmp permit Low 6
6 any any svc-v6-dns permit Low 6
7 any any svc-v6-dhcp permit Low 6
8 user any svc-http dst-nat 8080 Low 4
9 user any svc-https dst-nat 8081 Low 4
10 any any svc-dns permit Low 4
11 any any svc-dhcp permit Low 4

Expired Policies (due to time constraints) = 0

CP profile settings:

 

cpprof.jpg

 

 

I'm grateful for any recommendation.

 

Thank you!

 

Best regards
Matthias
Guru Elite

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

You have a custom page.  Try it with the default captive portal page on the controller.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

mom
Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

I will try it and reply the result...
Best regards
Matthias
mom
Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

Hi!

 

I changed captive portal back to the aruba default.
No effect, on ios the cp page don't pop up automatically.

 

Bypass Apple Captive Networ Assistant is disabled.
DNS lookups are successful, http://captive.apple.com/hotspot-detect.html and http://www.apple.com/library/test/success.html are not reachable in the initial role.

 

Do you have another idea?

 

Thank you for help!

 

 

Best regards
Matthias
mom
Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

Update:

Now i changed the L3 Authentication captive portal custom profile to "Use HTTP for authentication" AND the default site.
Now CNA pops up.

 

Now i think the error lies in the HTML code from the custom CP page.
Do you know for what i should look for?

 

Thanks for help!

Best regards
Matthias
mom
Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

Update:

With the exlusion procedure i minimized the CSS code of my html page until the CNA pops up.
I am able to confirm this article now, start with the basics if you want to create a custom captive portal!

I used this guide for my customizations and i must say, you hav to clean out everything of the css codes that is not needed.
Something in the css blocked the CNA. I was not able to find the responsible line, because of time (about 6000 lines in the template).

 

Now the CP pops up automatically on iOS :)

 

 

Best regards
Matthias
Occasional Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

Hi Matthias good spot on the CSS blocking, funny enough I wrote that blog post you linked to about the responsive Captive Portal (!)

 

Seems Apple have got more fussy with what they'll accept on the CNA page. I tried removing elements from the Boostrap template I was using but no joy.

 

Instead I've changed over to a simpler framework http://getskeleton.com/ and styled that up to be similar to the old one I wrote about. Pleased to say it works fine now with Apple CNA :)

 

Will do another blog post on it soon but thanks for posting your solution and giving me a heads-up on what to look for.

 

For reference it also seems like embedded Fonts and Javascript (e.g. for page scrolling, error handling etc.) aren't allowed by the Apple CNA so had to remove those as well. Android and Windows work fine though.

 

Regards, 

 

Gerrard

mom
Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

Hi!

 

Skeleton looks interesting, I like thin codes :) ...
Maybe I try it next time, if I have the requirement.

 

Yeah, at the end I was sitting a couple of hours with deleting function for function, line for line, checking the impact to the display and if CNA pops up....

Frustrating....

 

In addition, we have no PEFNG license and no certificate.
So, I was not able to customize the ACL's and Roles.
And I was not sure if CNA had problems with the certificate warning...

 

Everything together is an annoying thing!

 

 

I'm looking forward to your further posts!

 

 

 

 

 

 

 

Best regards
Matthias
Occasional Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

I read in another thread that iOS requires the Captive Portal to have an externally Trusted SSL certificate so we purchased one of those as part of the troubleshooting steps. 

 

Now I've got it working I don't want to turn anything off so can't be 100% sure if the cert helps or not (!)

mom
Contributor I

Re: AOS 6.5.2.0 - Captive Portal auto prompt not working on iOS

In this case, i changed the captive portal to HTTP.
That works for sure.

I think i tried HTTPS without certificate also.
If I remember right CNA was popping up but with a certificate warning...
The next thing is, you can only define the CP URL with the certificate FQDN...

Best regards
Matthias
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: