Hi,I am using the internal captive portal provided by the iap (no controller here only virtual one) at the moment. I works ok but the lack of customization made me want to have an external one.I noticed that the iap contact google ip through 126.96.36.199/19 or 188.8.131.52/16exemple or reached page : 184.108.40.206/generate_204Is it possible to configure the IAP so that it goes to the external http page directly.I don't know where the problem comes from but I can only display html page with the captive portal, any php cause the page to be blank or even unreachable.Is it at all possible to use php? Or do I have to use html and a radius server on the side? I wanted to use pfsense captive portal, but since I can't manage to display a single php page on an completely different host I wonder if it is even possible.Is there anywhere in the doc an explicit answer to what the html page should return to the iap and how?Thanks for the reading.
I would like something pretty simple with therms and conditions with a voucher or login/password.
I don't mind putting up a radius server on the side for authentication.
What the pfsense captive portal offers would be great.
We don't use the guest portal very often, maybe 3-5 times a week. But it still bothers me to have a very minimalistic designed page.
does this help at all?
Thansk, It helps a little.I manage to see the page but It still don't work after validation of the form.
I have this error at the http://securelogin.arubanetworks.com/cgi-bin/login url.
<html><pre>Error in invocation. Error string - Internal error 001, please contact support</pre></html>
I tried changing the url by the VIP of the iaps but it didn't work. I also added the master ip in the host to securelogin.arubanetworks.com
I also changed the hidden input values from the value in the url like that :
But with no success yet.
My bad... I didn't configure enough access rule for it to work, but the basic html page v8 in the thread http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Captive-portal-on-IAP-without-using-Clearpass/td-p/79362 works !
Do you mind posting your final code?
I am stuck at the same place. Same error.
Trying to just force acknowledgement before accessing Guest network.
<p><form method=POST action="http://<IAP VC IP ADDRESS>/cgi-bin/login"><span class="bodytext"><input name=cmd value="authenticate" type="hidden"><input name=mac value="" type="hidden"><input name=ip value="" type="hidden"><input name=essid value="" type="hidden"><input name=url value="http://www.arubanetworks.com" type="hidden"><input type="submit" name="Login" value=" I Agree" class="button" /></span></form></p>
18:64:72:c7:a2:e0# sh captive-portal
Your captive portal should look like this:
wlan external-captive-portal CPPM_GUEST-CP-PROFILEserver 192.168.1.100port 443url "/guest/guest_registration_page.php"auth-text ""https
Follow the steps in this video:
wlan ssid-profile Guestenableindex 3type guestessid Guestopmode opensystemmax-authentication-failures 0vlan 67-69rf-band all
wlan external-captive-portal "Captive Portal"server 192.168.20.151port 8060url "/"auth-text "Welcome to the Guest Network"auto-whitelist-disablecaptive-portal external profile "Captive Portal"dtim-period 1inactivity-timeout 1000broadcast-filter alldmo-channel-utilization-threshold 90local-probe-req-thresh 30max-clients-threshold 64
This example is using Guest with Mac Auth and you can configure Mac caching using the ClearPass templates
Captive Portal Profile:
wlan external-captive-portal CPPM_GUEST-CP-PROFILEserver <ClearPass IP or DNS Name>port 443url "/guest/guest_registration_page.php"auth-text ""https
wlan access-rule GUEST-ROLEindex 9rule any any match udp 53 53 permitrule any any match udp 67 68 permitrule any any match tcp 80 80 permitrule any any match tcp 443 443 permit
wlan access-rule GUEST-CP-ROLEindex 16captive-portal external profile CPPM_GUEST-CP-PROFILErule any any match udp 67 68 permitrule any any match udp 53 53 permit
wlan ssid-profile <ssid-name/profile>disableindex 2type guestessid iap_cppm_guest_ssidopmode opensystemmax-authentication-failures 0vlan 101auth-server <CPPM-SERVER>set-role-pre-auth GUEST-CP-ROLEset-role-mac-auth GUEST-ROLErf-band allcaptive-portal external profile CPPM_GUEST-CP-PROFILEmac-authenticationmac-authentication-delimiter :hide-ssiddtim-period 1inactivity-timeout 1000broadcast-filter arpradius-accountingradius-interim-accounting-interval 15dmo-channel-utilization-threshold 90local-probe-req-thresh 0max-clients-threshold 64
Whitelist ClearPass servers:
lan walled-gardenwhite-list "<ClearPass server IP"
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.