Wireless Access

Reply
Occasional Contributor I

Override 3rd party captive portal?

Hi,

 

We have a guest wifi service provided by a 3rd party organisation. They have a switch in our DC and provide a VLAN to us, which we then pass to our Aruba controllers. Clients on our guest SSID are dropped into this VLAN, and the 3rd party controls the L3 interface for the network and provides DHCP and a captive portal.

 

We would like to put our own captive portal page in front of theirs. We don't want to do any authentication, just show the users a page and then have them click a link to proceed to the 3rd party registration page.

 

Should this be possible, and how woud you go about setting it up?

 

We would like to avoid putting users in one VLAN and then moving them to the guest VLAN later if possible. 

Occasional Contributor I

Re: Override 3rd party captive portal?

Can anyone offer any advice on this?

Guru Elite

Re: Override 3rd party captive portal?

If you are forced to use the 3rd party VLAN, there is probably no way that you can avoid their captive portal, because they intercept all of your traffic.  If you can use your own VLAN to get to the internet, you might have options.

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Occasional Contributor I

Re: Override 3rd party captive portal?

As the APs and the controller are closer to the client than the third party equipment, shouldn't we be able to intercept any traffic and redirect to our own captive portal? I'm only looking to use the basic captive portal on the controllers.

 

Would it make any difference if we gave our controllers IP addresses in the network/VLAN used by the clients?

Guru Elite

Re: Override 3rd party captive portal?

We would need a network diagram to understand what is possible.  In general, If your provider is inline with your guest traffic it is impossible to avoid their portal.  If there is another way out, say another VLAN, you should put your guests on that layer 2 VLAN instead and establish your own captive portal.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Occasional Contributor I

Re: Override 3rd party captive portal?

I've attached a diagram.

 

As I said above, we can potentially give the controllers IP addresses in VLAN 99 if that would help.

 

We did think about dropping the clients into a different VLAN in order to show them our own captive portal page - but as I understand it, they then have to be moved to VLAN 99, and this requires them to have to do DHCP again, and they'll see their connection drop. Can this process be done smoothly and reliably? If not we would prefer to try and make it work while keeping them in VLAN 99 the whole time. 

Guru Elite

Re: Override 3rd party captive portal?

If you just simply want to have your own captive portal, I would create a new VLAN internal to the controller, put your Captive Portal Virtual AP on that, and then source-nat the traffic out of that internal VLAN.  Your guest traffic will be natted out of the ip address of the controller's management VLAN.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: