04-30-2014 12:37 PM - last edited on 05-14-2014 06:08 PM by Jamie E
I have been asked to disable the ablity to use HTTP for the redirect captive portal page on our guest network. I have already unchecked the box where it won't send the HTTP page only sends HTTPS, but it still allows one to type in HTTP:// and get to a non secure captive portal page. I have tried to remove the HTTP ACL from the session GUEST - Login but It still is working.
04-30-2014 01:07 PM
This is for the controller captive portal or Clearpass guest ?
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
04-30-2014 03:03 PM
Can you please confirm if you have removed http from the captive portal ACL under the guest logon role.
Also I assume under aaa authentication --> layer 3 authentication you have already uncheck use http for authentication.
04-30-2014 03:09 PM - edited 04-30-2014 03:09 PM
Yes to both after we did that I was able to paste in HTTP:// and get the captive portal to come up. I called in a support ticket they are suggesting we delete the ACL svc-http-proxy2 and 3 we are seeing hits on the ACL
guest-logon captiveportal user any svc-http-proxy2 dst-nat 8088 0 455 10056 ipv4
guest-logon captiveportal user any svc-http-proxy3 dst-nat 8088 0 2 10057 ipv4
Last time I called in they said to remove the HTTP ACL and it didn't work. I even tried putting a deny in there that didn't work either.
05-01-2014 01:58 AM
If you go to Management -- Captive Portal, then click on View Captiveportal, does it show https in the browser address bar?
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACMP, ACMX #294
05-01-2014 03:17 PM
-ACMX #316 :: ACCP-
Intelecom - Norway
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
05-01-2014 05:58 PM - edited 05-01-2014 06:00 PM
config t firewall cp ipv4 deny 192.168.1.0 255.255.255.0 proto http
We are assuming that your guests are coming from 192.168.1.0/24
And do this to reverse it:
config t firewall cp no ipv4 deny 192.168.1.0 255.255.255.0 proto 6 ports 80 80
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base