Wireless Access

Reply
Occasional Contributor I
Posts: 5
Registered: ‎02-07-2014

Captive Portal URL loop

[ Edited ]

Greetings.

I'm having a devil of a time figuring out the source of a captive portal redirect loop. I have an AP in a group with a captive portal that is working fine for our entire enterprise. The captive portal page looks remarkably like the one here with an "I Accept" button: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-154

 

I'm trying to create a new SSID with the campus WAN wizard and copy the working captive portal page. I've copied all the settings (initial role, etc) from the working one to the best of my ability. The signon URL of the working one shows AP group, IP address, MAC, etc. ie:

 

https://securelogin.arubanetworks.com/upload/custom/la_open-cp_prof/public_wireless_internet_access.htm?cmd=login&mac=00:24:2b:97:51:8c&ip=172.35.167.60&essid=oabc_open&apname=d8%3Ac7%3Ac8%3Ac2%3Ac8%3A6c&apgroup=OABC_CP_OPEN&url=http%3A%2F%2Fgoogle.c...

 

I'm keeping the AP in the same group (OABC_CP_OPEN). I go to Management > Captive Portal > Upload > and upload the exact same HTML (with the file renamed) as Captive Portal Login (top level).

When I go to Security > Authentication > L3 Authentication the working one reads: /upload/custom/la_open-cp_prof/public_wireless_internet_access.htm

 

I copy the same HTML page renamed to oabc_public_wireless_internet_access.htm, change the Security > Authentication > L3 Authentication > login page variable to /upload/custom/oabc_open-cp_prof/oabc_public_wireless_internet_access.htm and when the captive portal page tries to load it blows up and shows the IP, MAC, AP group, etc, over and over:

 

https://securelogin.arubanetworks.com/upload/custom/oabc_open-cp_prof/oabc_public_wireless_internet_access.htm?cmd=login&mac=00:24:2b:97:51:8c&ip=172.35.167.60&essid=oabc%5Fopen&apname=d8%3Ac7%3Ac8%3Ac2%3Ac8%3A6c&apgroup=OABC_CP_OPEN&url=https%3A%2F%...

 

 

If I leave everything else the same and change the login variable to the working one: /upload/custom/la_open-cp_prof/public_wireless_internet_access.htm it works fine. So, just flip flopping the login page variable will fix it or break it.

 

So essentially, two SSID's same HTML and the only thing I change is the log on variable. Clearly I've missed something. Does any of this make sense and does anyone have a suggestion on where to look given my rambling description?

 

Thanks,

Scott.

 

PS. I'm also having trouble showing the entire URL's. This post truncates it.

Aruba
Posts: 1,643
Registered: ‎04-13-2009

Re: Captive Portal URL loop

[ Edited ]

Can you share the following to compare:

 

show rights <logon-role1>

show rights <logon-role2>

 

show aaa authentication captive-portal <nameofcaptiveportal1>  (captive portal shown in show rights1)

show aaa authentication captive-portal <nameofcaptiveportal2>  (captive portal shown in show rights2)

 

can you also share the HTML page that is not working?

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 5
Registered: ‎02-07-2014

Re: Captive Portal URL loop

[ Edited ]

Thanks for the quick reply. Sorry that my response isn't as fast. I've been fighting a bug (analog, not digital). I've attatched the requested info.

Moderator
Posts: 321
Registered: ‎08-28-2009

Re: Captive Portal URL loop

Hi Scott,

Name wise, you attached public_wireless_internet_access.htm , but according to your post this may be the  'ok' one, whereas oabc_public_wireless_internet_access.htm maybe is the one that you meant to post. Can you confirm ?

regards

-jeff

Occasional Contributor I
Posts: 5
Registered: ‎02-07-2014

Re: Captive Portal URL loop

[ Edited ]

The HTML is the exact same for both. Only the name has changed.

Sorry, that was confusing. But yes, it's something about the oabc profile or something that is acting up.

 

Thanks for the reply.

 

Scott.

Moderator
Posts: 321
Registered: ‎08-28-2009

Re: Captive Portal URL loop

[ Edited ]

Scott

that is strange, the html is, as you state, identical and benign. Can you confirm after putting this "faulty" one back, that if you use a browser in privacy mode (and/or flush everything out) that you still see the issue? Does this loop happen on the initial redirect, or, after you press "I Accept"

 

Suggestion, put the CP to http (in the CP profile, allow http) , clear your browser cache, start wireshark, browse to some http:// website and capture what goes on, have a close look at the 302 redirect that comes back, it should be pointing to your login file.

 

append the wireshark cap here if you like

 

regards

-jeff

MVP
Posts: 762
Registered: ‎03-25-2009

Re: Captive Portal URL loop


sdencar wrote:

 

PS. I'm also having trouble showing the entire URL's. This post truncates it.


Sorry not a usefull response to your problem but just a fyi about the url truncation.

Check http://community.arubanetworks.com/t5/Community-Feedback/code-brackets/td-p/186140 for a discussion about this.

 

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: