Controllerless Networks

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.

I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

Why does the Aruba Controller serve up the instant.arubanetworks.com SSL cert when I've uploaded the SSL cert for wifi.mydomainname.com? Is there a way to specify which SSL key to use???

Do I have to use the same SSL key on the Controller & ECP page? Reason being is that the Aruba Controller is using a 90-day ZEROSSL cert whereas the ECP page is using an SSL cert from Microsoft Azure.

Thanks!


Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) is able to freely browse the internet. What's truly interesting is that a Windows 10 device redirects to http://localhost.com/wifi/index. /wifi/index is the Url in ECP Profile. It did this one time. I just tested & that's no longer working.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to select Auth Servers nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image.

I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted.

I'm trying to use Authentication Text which would require me to be able to select InternalServer.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

------------------------------
Brian
------------------------------

Hi, as far as i understand you want to use an External Captive Portal rigth?

If you want to do that, the first thing you need to change is the URL to point to the IP/hostname of the webserver hosting the Captive Portal. The second thing ypu need to change is the URL to probably /wifi/index since is the actual location inside the webserver.
ip/hostname : 192.168.100.15 (IP of the webserver)
URL: /wifi/indexx (location inside the webserver of the CP)

When you use localhost in Hostname, the AP will try to redict you to a webserver in the localhost (the device itself) so when you do it in the Android/Iphone you won't get anything unless you have a webserver running in port 80. Probably you tested the CP in the Windows machine hosting the ECP and that's why it opened.

Hope this helps.

Regards

------------------------------
Ulises Cazares
------------------------------

Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.

I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

------------------------------
Brian
------------------------------

Thanks for the response! In my case, the config looks like this.

ip/hostname : https://wifi.mydomain.com
URL: /wifi/index (location inside the webserver of the CP)
Port: 443

Do I need to use an IP address? If so, I don't think I have a dedicated IP to use.


Original Message:
Sent: Apr 20, 2021 10:34 AM
From: Ulises Cazares
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

Hi, as far as i understand you want to use an External Captive Portal rigth?

If you want to do that, the first thing you need to change is the URL to point to the IP/hostname of the webserver hosting the Captive Portal. The second thing ypu need to change is the URL to probably /wifi/index since is the actual location inside the webserver.
ip/hostname : 192.168.100.15 (IP of the webserver)
URL: /wifi/indexx (location inside the webserver of the CP)

When you use localhost in Hostname, the AP will try to redict you to a webserver in the localhost (the device itself) so when you do it in the Android/Iphone you won't get anything unless you have a webserver running in port 80. Probably you tested the CP in the Windows machine hosting the ECP and that's why it opened.

Hope this helps.

Regards

------------------------------
Ulises Cazares

Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.

I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

------------------------------
Brian
------------------------------

As for the certificate. Did you upload the cert in the Aruba AP as captive portal?


The instant.arubanetworks.com is the default cert for the WEBUI and Captive portal.  Is not about the ssl keys is abput the cert. When you use the ECP the AP should redirect you to the webserver and thats the first cert you will see but the credentials are POSTed you will see the cert in the AP.




------------------------------
Ulises Cazares
------------------------------

Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.

I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

------------------------------
Brian
------------------------------

Thanks! This is really helpful. I'll check and see. I know I had issues with this.


Original Message:
Sent: Apr 20, 2021 10:58 AM
From: Ulises Cazares
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

As for the certificate. Did you upload the cert in the Aruba AP as captive portal?


The instant.arubanetworks.com is the default cert for the WEBUI and Captive portal.  Is not about the ssl keys is abput the cert. When you use the ECP the AP should redirect you to the webserver and thats the first cert you will see but the credentials are POSTed you will see the cert in the AP.




------------------------------
Ulises Cazares

Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.

I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

------------------------------
Brian
------------------------------

@ulises.cazares I tried to upload my crt file using the Captive portal server type but it doesn't work. It looks like it is looking for a Private key which is what you would think would be uploaded. I use DigiCert (Windows app) to create my CSR and export my private keys. Does anyone have instructions on how to create the Captive portal server cert?​​​

Thanks!


Original Message:
Sent: Apr 20, 2021 10:58 AM
From: Ulises Cazares
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

As for the certificate. Did you upload the cert in the Aruba AP as captive portal?


The instant.arubanetworks.com is the default cert for the WEBUI and Captive portal.  Is not about the ssl keys is abput the cert. When you use the ECP the AP should redirect you to the webserver and thats the first cert you will see but the credentials are POSTed you will see the cert in the AP.




------------------------------
Ulises Cazares

Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.

I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

------------------------------
Brian
------------------------------

Hi, in order to upload the cert to the AP you have to paste all the certs in a notepad as save the file as .pem.


You have to include the following:

certificate for your captive portal
private key
certificate for intermediate CA
certificate for root CA

It should look somehow like this (i removed a lot of the certs lines)

-----BEGIN CERTIFICATE-----
MIIF2jCCBMKgAwIBAgIRAIHUNM1mLTHkZlbOI7qb+gkwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDMy2fTqFcaLN3y
RUCn2x4YQ0n9D1oA0YzrDcboO276PyJPfpJGoW7bHbbFlmmePXhXEzGx92Xf4jM7
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIQOXJEOvkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEb
MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow
GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmlj
-----END CERTIFICATE-----


Hope this helps





------------------------------
Ulises Cazares
------------------------------

Original Message:
Sent: Apr 20, 2021 02:58 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

@ulises.cazares I tried to upload my crt file using the Captive portal server type but it doesn't work. It looks like it is looking for a Private key which is what you would think would be uploaded. I use DigiCert (Windows app) to create my CSR and export my private keys. Does anyone have instructions on how to create the Captive portal server cert?​​​

Thanks!


Original Message:
Sent: Apr 20, 2021 10:58 AM
From: Ulises Cazares
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

As for the certificate. Did you upload the cert in the Aruba AP as captive portal?


The instant.arubanetworks.com is the default cert for the WEBUI and Captive portal.  Is not about the ssl keys is abput the cert. When you use the ECP the AP should redirect you to the webserver and thats the first cert you will see but the credentials are POSTed you will see the cert in the AP.




------------------------------
Ulises Cazares

Original Message:
Sent: Apr 19, 2021 02:22 PM
From: Brian Teague
Subject: IAP-205 External Captive Portal config doesn't redirect when accessing via iPhone, Android, Windows 10 etc...

This is my first time configuring an Aruba device to work with an External Captive Portal. I've configured several other APs to work with ECPs so I know what I'm doing. I followed these instructions but I can't get an iOS device running 14.4.1 (new) or an Android device running 5.1.1 (old) to automatically redirect to the ECP page. In fact, in the rules I specify "deny access" but the devices (iPhone & Android) are able to freely browse the internet once connected to WiFi. What's truly interesting is that a Windows 10 device actually redirects to https://localhost:4343/wifi/index. /wifi/index is the Url in ECP Profile.

Configuring External Captive Portal for a Guest Network (arubanetworks.com)

The IAP is running 6.4.2.0-4.1.1.0_46028. The UI won't allow me to easily select InternalServer nor will the device actually store the correct Auth Server once selected. I'm using both Edge & Chrome to try to manage this thing. Moreover, under WLAN Configuration - Security - External Splash Page, you will see localhost etc... in the attached image. I've also added an SSL cert for wifi.mydomain.com which is where my ECP page is hosted but the Controller is serving up instant.arubanetworks.com.

I'm trying to use Authentication Text as the Type which, as I understand, would require me to be able to select InternalServer. I don't want to use a Radius server.

It's clear to me that this software config is buggy. By the way, I've tried to upgrade this thing but I don't have access to the correct image. :)

Any help is much appreciated! Thanks in advance! 

------------------------------
Brian
------------------------------