Wireless Access

Community,

 

I had this issue resolved back in October of 2017 but for whatever reason I am running into this situation again. I have a WLAN (CDT-Green) that is supposed to redirect user web traffic to a custom captive portal page where they have to hit the "accept" button to get to the internet. I can connect to the WLAN just fine using the password, but when I open a web browser, the WLC (3200XM) is not redirecting the traffic to the captive portal page. The configs are as follows:

 

wlan virtual-ap "CDTGreen"
aaa-profile "CDTGreen_AAA"
ssid-profile "CDTGreen_SSID"
no vap-enable
vlan 1109
deny-inter-user-traffic

 

aaa profile "CDTGreen_AAA" (the initial role here is "logon")
authentication-dot1x "dot1x_prof-ckz60"

 

user-role logon
captive-portal "default"
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
access-list session captiveportal6

 

logon     2    Up: No Limit,Dn: No Limit  logon-control/,captiveportal/,vpnlogon/,v6-logon-control/,captiveportal6/   

 

aaa authentication captive-portal "default"
default-role "logon"
redirect-pause 2
no user-logon
guest-logon
no logout-popup-window
protocol-http
login-page "/upload/custom/default/Captive Portal3.htm"
no enable-welcome-page

 

any help you can provide would be fantastic! Thanks!

You have a space in between Captive Portal3

login-page "/upload/custom/default/Captive Portal3.htm"

Victor,

 

Thank you so much for the reply. I fixed the name of the file to not include a space but unfortunately the WLC is still not redirecting the traffic to the internal Captive Portal. Do you need any other outputs from me?

Do you have an IP address assigned under the guest VLAN ? It is required for the redirect to work

The vlan were using is vlan 1103, the machine gets an IP address and connects to the SSID just fine. It just wont redirect to the captive portal page. Its not in a "guest network" setup eventhough we call it a "Guest" network. 

You need to assign an IP under that VLAN (Aruba Controller)

conf t
Interface VLAN 1103
IP address x.x.x.x x.x.x.x

Thank you

Victor Fabian

Pardon typos sent from Mobile

Victor,

 

Thanks for your help! I figured out the issue was with the vlan the wlan was on. I fixed that and now the portal is redirecting. However, I am having another issue. When the controller redirects the web traffic to the captive portal, after the user hits the "Accept" button the controller doesnt allow the traffic. The initial URL is:

http://10.129.129.166/upload/custom/default/CaptivePortal3.htm?cmd=login&mac=94:65:9c:46:5f:eb&ip=172.16.20.7&essid=CDT%2DGreen&apname=6c%3Af3%3A7f%3Aca%3Af1%3A29&apgroup=Cedar_WLAN&url=http%3A%2F%2Fwww%2Ewalmart%2Ecom%2F

 

But when the "Accept" button is selected, the URL is:

 

http://10.129.129.166/upload/custom/default/CaptivePortal3.htm?errmsg=Access%20denied&mac=94:65:9c:46:5f:eb&ip=172.16.20.7&essid=CDT%2DGreen&apname=6c%3Af3%3A7f%3Aca%3Af1%3A29&apgroup=Cedar_WLAN&url=http%3A%2F%2Fwww%2Ewalmart%2Ecom%2F

 

Please notice the "errmsg=Access%20denied" statement. Any ideas what to check here? 

 

Here is more info about the custom captive portal page. This is info about the "Accept" button.

 

<b>CLICK ON THE BUTTON BELOW TO ACCEPT THE ABOVE POLICY TERMS.</b></font>
<br><br><br>
<form name="form1" method="post" action="/auth/index.html/u">
<span class="bodytext">
<input type="hidden" id="email" name="email" type="text" value="user@company.com" class="text" accesskey="e" />
<input type="hidden" name="cmd" value="authenticate" />
<input type="submit" name="Login" value="I ACCEPT" class="button" />
</span>
</form>
</div>
</body>

 

Victor,

 

Please disregard, i found the issue. The "Guest Login" check box was unchecked in the L3 Authentication tab.