Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captive Portal

This thread has been viewed 2 times

  • 1.  Captive Portal

    Posted Sep 12, 2012 11:24 AM

    I have a 3600 controller with about 150 APs connected to it. Customer wanted two SSIDs: one for staff and one guest.

    When I connect to the guest SSID (which is open) and try to browse to a web site, I am redirected to the captive portal. The problem is it takes about 12 seconds to get redirected to the captive portal initially.

    And after I put in my email address, it take forever to be directed to the original web site I wanted to navigate to.

    Is there a way to speed these redirections up? I changed the redirect timeout value from 10 seconds to 5, but that hasn't made any difference...


    #3600


  • 2.  RE: Captive Portal

    EMPLOYEE
    Posted Sep 12, 2012 11:28 AM

    What is the device that this happens on?  Does it happen with multiple devices?

    Is the GUEST network on the same layer2 subnet as the employee network?

    Is there alot of broadcast traffic on that guest network?

     

     



  • 3.  RE: Captive Portal

    Posted Sep 12, 2012 12:00 PM

    It was happening on Windows 7 laptops. My ipad and iphone work perfectly.

    The guest network is not on the same layer two network as the employee network. The guest network is using a 192.168.200.x network all configured on the controller (vlan 200 on controller)

    There were only about three devices on the guest network at the time I was testing...

    Thanks,



  • 4.  RE: Captive Portal

    Posted Sep 13, 2012 02:31 PM

    Have you tried it with different browsers on Windows?

     

    One of the problems that I was having for a while was that some of the browsers want to do OCSP if your captive portal is using HTTPS. Some browsers take a while to timeout on this check, and some even fail.

     

    Something worth looking into.



  • 5.  RE: Captive Portal

    Posted Sep 13, 2012 04:10 PM

    That seems to be it. It works perfectly from an iPad or an iPhone also...



  • 6.  RE: Captive Portal

    Posted Sep 13, 2012 04:18 PM

    There are a couple of ways to open your ACL rules for the user role that presents your captive portal.

     

    I went for the ugly method of doing individual IP addresses as some of the OCSP names are some form of round robin DNS. But there is a way to do it based on DNS, and would be the easiest way. I believe that it is described in the User Guide. I haven't gotten around to moving my configuration over to a DNS based but it seems like a much eaiser thing to maintain.

     

    If you can't find the instructions, let me know, and I will dig around for them.

     

    The cert you are using for the Captive Portal should have the DNS name of the OCSP server that you need to open up.