Wireless Access

Reply
Occasional Contributor II

Captive Portal

I have a 3600 controller with about 150 APs connected to it. Customer wanted two SSIDs: one for staff and one guest.

When I connect to the guest SSID (which is open) and try to browse to a web site, I am redirected to the captive portal. The problem is it takes about 12 seconds to get redirected to the captive portal initially.

And after I put in my email address, it take forever to be directed to the original web site I wanted to navigate to.

Is there a way to speed these redirections up? I changed the redirect timeout value from 10 seconds to 5, but that hasn't made any difference...

Guru Elite

Re: Captive Portal

What is the device that this happens on?  Does it happen with multiple devices?

Is the GUEST network on the same layer2 subnet as the employee network?

Is there alot of broadcast traffic on that guest network?

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Captive Portal

It was happening on Windows 7 laptops. My ipad and iphone work perfectly.

The guest network is not on the same layer two network as the employee network. The guest network is using a 192.168.200.x network all configured on the controller (vlan 200 on controller)

There were only about three devices on the guest network at the time I was testing...

Thanks,

Occasional Contributor II

Re: Captive Portal

Have you tried it with different browsers on Windows?

 

One of the problems that I was having for a while was that some of the browsers want to do OCSP if your captive portal is using HTTPS. Some browsers take a while to timeout on this check, and some even fail.

 

Something worth looking into.

Occasional Contributor II

Re: Captive Portal

That seems to be it. It works perfectly from an iPad or an iPhone also...

Occasional Contributor II

Re: Captive Portal

There are a couple of ways to open your ACL rules for the user role that presents your captive portal.

 

I went for the ugly method of doing individual IP addresses as some of the OCSP names are some form of round robin DNS. But there is a way to do it based on DNS, and would be the easiest way. I believe that it is described in the User Guide. I haven't gotten around to moving my configuration over to a DNS based but it seems like a much eaiser thing to maintain.

 

If you can't find the instructions, let me know, and I will dig around for them.

 

The cert you are using for the Captive Portal should have the DNS name of the OCSP server that you need to open up.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: