Wireless Access

Frequent Contributor I

Captive Potal Issues



I have configured Captive Portal in the network but its not letting me browse any web page.

When i got connected to the CP ssid, it assigns me the correct role i.e. "CP_SSID-guest-logon" (where CP_SSID is the ssid for captive portal) that has the preset policies "logon-control and captive" and also takes me to CP page for authentication. After providing the correct user name and password (whose entry is in Internal DB) it waits for 10 sec before redirecting to the requested webpage, which is normal, but after that it either doesn't show me any webpage (blank white page) or again shows me Captive portal page to enter the username and password which was already provided seconds ago.


Now can anyone tell me whats going on?


Interesting thing is that after successful authentication, i can ping any webpage i want but when it comes to browsing the page, aahhh... :(



Details are;


AOS is


Firewall Hits


User Role Hits

Role Policy Src Dst Service Action Dest/Opcode New Hits Total Hits Index

CP_SSID-guest-logonlogon-controlanyanysvc-icmppermit 142014208249
CP_SSID-guest-logonlogon-controlanyanysvc-dnspermit 8358358250
CP_SSID-guest-logonlogon-controlanyanysvc-dhcppermit 15158251
CP_SSID-guest-logon anyany0deny 102910298259




 Please help.



Thank you.

Guru Elite

Re: Captive Potal Issues

In your Captive Portal Authentication Profile, what is the Default Role?

What role does the user end up in AFTER authentication?

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.

Re: Captive Potal Issues

Check your DNS + gw configuration (under IP>route or under IP>dhcp)

also - can u printout /screenshot the ACL that authenticated users getting after the captive please.

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Frequent Contributor I

Re: Captive Potal Issues

Thanks cjoseph. I got it to work with your kind support.


I forgot to change the default role which was same as initial role that's why it never got changed :)



Please clearfy 1 more thing before we mark this thread as "solved".

Now i want to NAT the guest traffic hide the network IP scheme and resources, can you please help me achieve that?


I have 3 VLANs on the controller, 1 is default (, vlan10 is for employee and vlan50 is for uplink (4th port is assigned to vlan50 with client's network parameters and using external DHCP/DNS servers). Clients get the IPs from external server on vlan50 and Captive portal SSID is assigned vlan50, say 192.168.0.x. Now what should i do that the guest users get the IP address like 10.10.10.x. as well as they cannot access/ping the internal FTP or DHCP/DNS servers???


Please guide.

Guru Elite

Re: Captive Potal Issues

If your users are on VLAN50:


config t

interface vlan 50

ip nat inside


If you want to block traffic to internal resources, go into the "authenticated" role and add ACLs that block internal traffic.  If your clients are using an internal DNS server, make sure that the ACL to block internal traffic comes after permitting DNS.


Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Captive Potal Issues

I am facing the same problem. Will try that.


Frequent Contributor I

Re: Captive Potal Issues

Thanks for guiding me through. :)

Search Airheads
Showing results for 
Search instead for 
Did you mean: