Hello,
I am testing a new captive portal with a user derivation rule to allow certain devices to auth based on the mac address.
For the clients using the captive portal, most of the times everything functions as it should. (they enter credentials, i see activity logged on the radius server, they log in, they browse)
Sometimes however, after entering credentials, the page the user is redirected to is blank and i see ACCESS%DENIED in the URL. Firefox reports that the client was redirected in a way that will not complete.
Worse still, on the radius server, when this happens, i see NO activity logged, even when debugging against my mac address or username.
Does anyone have an idea of what is going wrong?
config is:
aaa authentication captive-portal "portal-tst"
default-role "authenticated"
server-group "AAA-Radius"
no logout-popup-window
login-page "/upload/custom/portal/index.html"
no enable-welcome-page
white-list "OTHEROCSPCRL"
white-list "globalsignOCSPcrl"
!
user-role pre-portal-tst
captive-portal "portal-tst"
access-list session v6PermitOCSPcrl
access-list session permitOCSPcrl
access-list session netbios-acl
access-list session istns-http
access-list session v6-logon-control
access-list session logon-control
access-list session netid-http
access-list session captiveportal
access-list session captiveportal6
!
wlan ssid-profile "portal-tst"
essid "portal-tst"
g-basic-rates 6 12 24
g-tx-rates 6 9 12 18 24 36 48 54
max-clients 38
wmm
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
local-probe-req-thresh 20
mcast-rate-opt
qbss-load-enable
!
aaa profile "aaa-portal-tst"
initial-role "pre-portal-tst"
user-derivation-rules "test-mac-role"
enforce-dhcp
!
wlan virtual-ap "portal-tst-VAP"
aaa-profile "aaa-portal-tst"
ssid-profile "portal-tst"
vlan 1026
band-steering
broadcast-filter all
auth-failure-blacklist-time 600
blacklist-time 0
deny-inter-user-traffic
!
Thanks,
Matt