Wireless Access

Reply
Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

Captive Portal and Proxy Server

I have a functioning captive portal with logon and authenticated roles correctly working. We supply wpad to clients with DHCP and DNS. Radius is by MS NPS wich returns the user role based on vendor attributes.

 

My issue is with devices that can't do wpad. Andriods, IOS. I need them to explicitly set the proxy server in the wi-fi settings. I can educate our CP users to do this. The problem is that once they set the proxy server the CP logon page doesn't work. If they haven't set the proxy it works fine but they then need to set the proxy to get interent access which is then remembered for that SSID which breaks the CP for them next time they use it.

 

The master controller is 3600 at OS 6.4.3.5. The other 10 local controllers are a mixture all running at same version.

 

I am seeing DNS on the proxy server from the affected client so I don't think DNS is the issue.

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Captive Portal and Proxy Server

Are your users manually setting the proxy server?  ex: proxy address = x.x.x.x, proxy port = 8080?  Or are they using the proxy auto function that iOS & Android support?

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

Re: Captive Portal and Proxy Server

I have had some success with iOS by using auto and entering http://xxx.xxx.xxx.xxx/wpad.dat. (Apparently iOS doesn't do DNS resolution for WPAD hence using the IP of the WPAD server).
The Android device I am using for testing doen't support auto detect or adding a URL for a wpad file.

I need to put in xxx.xxx.xxx.xxx:8081 as the proxy address. When I do this it I don't get the CP login screen.

I tried dst-nat'ing tcp 8081 in the log on role to the controller but that doesn't work.

If I revert to using http (not https) for the CP it works fine but I am not about to do that for eveyone.

Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: Captive Portal and Proxy Server

Unfortunately,

 

Android does not support automatic configuration of a proxy via option 252 or wpad.  https://code.google.com/p/android/issues/detail?id=42696

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

Re: Captive Portal and Proxy Server

Yes, that is why I am having the andriod users set the proxy server. The issue is that it breaks the captive portal login. I can't get the login page to show.

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Captive Portal and Proxy Server

On the iOS devices that you can use the automatic proxy URL, are you able to hit the captive portal?  If not, I was thinking you could create an exception in the pac file so the request wouldn't go to the proxy and thus force a redirect to the captive portal. For example, bypass "http://yahoo.com" in the proxy pac file; this will result in captive portal redirection.  Of course, you'd want to select something that colleagues wouldn't typically go or else they won't be able to connect to it once logged in since your Internet traffic must traverse a proxy.

 

Curious to know which version of Android you're running?  Automatic proxy URL is available in Marshmallow and Jelly Bean, from the experience I have.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: Captive Portal and Proxy Server

What port do you use for your proxy?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 1,111
Registered: ‎10-11-2011

Re: Captive Portal and Proxy Server

He's using TCP 8081 if I'm not mistaken.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: Captive Portal and Proxy Server


dazza wrote:

Yes, that is why I am having the andriod users set the proxy server. The issue is that it breaks the captive portal login. I can't get the login page to show.


If you are using port 8081, there is a rule already built in to redirect that successfully for the captive portal.  Please see the article here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-configure-Captive-Portal-with-a-browser-that-uses-a/ta-p/178038

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

Re: Captive Portal and Proxy Server

The portal works fine on iOS if we set the URL for the pac file. It is actually auto generated by Microsoft TMG as the proxy so it is wpad.dat not a pac file.

My android phone is Marshmallow. The option to set auto proxy is there but the save button is greyed out.

For the proxy port I tried using 8081 and d-nat'ing any 8081 traffice to the captive portal, <controller ip>:8081 but I get a "Bad Request. Reason: you're speaking plain http to an ssl-enabled port".

Search Airheads
Showing results for 
Search instead for 
Did you mean: