Wireless Access

Reply
Frequent Contributor II

How can I disable HTTP captive portal page?

I have been asked to disable the ablity to use HTTP for the redirect captive portal page on our guest network. I have already unchecked the box where it won't send the HTTP page only sends HTTPS, but it still allows one to type in HTTP:// and get to a non secure captive portal page. I have tried to remove the HTTP ACL from the session GUEST - Login but It still is working. 

Re: How can I disable HTTP captive portal page?

 

This is for the controller captive portal or Clearpass guest ?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor II

Re: How can I disable HTTP captive portal page?

Controller

Contributor I

Re: How can I disable HTTP captive portal page?

Hi,

Can you please confirm if you have removed http from the captive portal ACL under the guest logon role.

Also I assume under aaa authentication --> layer 3 authentication you have already uncheck use http for authentication.

Thank You.
Frequent Contributor II

Re: How can I disable HTTP captive portal page?

Yes to both after we did that I was able to paste in HTTP:// and get the captive portal to come up. I called in a support ticket they are suggesting we delete the ACL svc-http-proxy2 and 3 we are seeing hits on the ACL

 

guest-logon            captiveportal     user  any                  svc-http-proxy2   dst-nat   8088         0         455         10056  ipv4

guest-logon            captiveportal     user  any                  svc-http-proxy3   dst-nat   8088         0         2           10057  ipv4

 

Last time I called in they said to remove the HTTP ACL and it didn't work. I even tried putting a deny in there that didn't work either. 

Re: How can I disable HTTP captive portal page?

If you go to Management -- Captive Portal, then click on View Captiveportal, does it show https in the browser address bar?


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Frequent Contributor II

Re: How can I disable HTTP captive portal page?

I get HTTPS://   but as I said before that works fine what can be done is the S can be removed and they are able to get to the same page using HTTP://

MVP

Re: How can I disable HTTP captive portal page?

Check Clearpass Guest -> Configuration. Check the box for "Require https for guest access". If this is already checked then all acces with http to a guest portal will be redirected to https.

Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Frequent Contributor II

Re: How can I disable HTTP captive portal page?

We aren't using clearpass just the controller we plan on going to clearpass but not until the end of the year.

Guru Elite

Re: How can I disable HTTP captive portal page?

Try this:

 

config t
firewall cp ipv4 deny 192.168.1.0 255.255.255.0 proto http

 We are assuming that your guests are coming from 192.168.1.0/24

 

And do this to reverse it:

 

config t
firewall cp
no ipv4 deny 192.168.1.0 255.255.255.0 proto 6 ports 80 80

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: