Wireless Access

last person joined: 4 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

8.3.0.2 - External Captive portal - Clients can't get the default role

Jump to Best Answer
  • 1.  8.3.0.2 - External Captive portal - Clients can't get the default role

    Posted Sep 11, 2018 08:28 AM

    Hi Community,

    I'd configured an external captive portal. It was working fine on version 8.2.1.0.

    After upgrading to 8.3.0.2, Clients are able to get the external captive portal page but  cannot get the default role.

    I tried to get both link "http://<controller ip>/auth/index.html/u" and "http://<controller ip>/cgi-bin/login" but clients are still in initial role and stuck in the same external captive portal page.

     

    On the external captive portal, I use this html code on the button to quit captive portal:

    <form method="post" id="myForm" autocomplete="off" action="http://10.200.116.11/cgi-bin/login">
    <div class="col-sm-6 col-lg-6">
    <input type="submit" name="accept" id="accept" value="Get Started" class="btn btn-primary btn-lg btn-padding" />
    </div>
    aaa authentication captive-portal "thuypbt1_cppm_sg"
    default-role "vng_lab"
    server-group "thuypbt1_cppm_sg"
    login-page "http://10.205.14.13/"   (-->IP of external captive portal)
    white-list "thuypbt1_cppm_sg"
    redirect-url "https://zing.vn"
    !
    
    aaa server-group "thuypbt1_cppm_sg"
     auth-server CPPM position 1
    !
    
    aaa profile "Test-lab"
        initial-role "thuypbt1"
        dot1x-default-role "vng_lab"
    !
    
    user-role thuypbt1
        captive-portal "thuypbt1_cppm_sg"
        access-list session global-sacl
        access-list session apprf-thuypbt1-sacl
        access-list session thuypbt1
        access-list session captiveportal
    
    netdestination thuypbt1_cppm_sg
        host 10.205.14.13
    !
    ip access-list session thuypbt1
        any any svc-dns permit
        any any svc-dhcp permit
        any  host 10.200.0.5 any permit
        any  host 10.205.14.13 svc-http permit
        any  host 10.205.14.13 svc-https permit
        any alias onboard-whitelist svc-https permit
        any alias vng_lab_whitelist svc-https permit
        any  host 49.213.67.133 svc-https permit
    !

    How can I configure to get the default role?

    This configuration was working fine on version 8.2.1.0.

    Thanks a lot for your help

    Thuy.

     

     

     

     

     

     



  • 2.  RE: 8.3.0.2 - External Captive portal - Clients can't get the default role

    Posted Sep 11, 2018 10:50 AM

    Take a look at the docs here:

     

    https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Captive_Portal/Internal_Captive_Portal.htm#captive_portal_2658586545_1085111

     

    Using the action /auth/index.html/u should be correct. You'll need to verify the html code to ensure that a username is being returned as part of the POST to toggle the authentication.



  • 3.  RE: 8.3.0.2 - External Captive portal - Clients can't get the default role

    Posted Sep 12, 2018 12:57 AM

    Hi Charlie,

    Thanks for this information.

    Could you please help me to check my html code? I tried these codes but It isn't working

    <form method="post" id="myForm" autocomplete="off" action="http://10.200.116.11/auth/index.html/u">
    		        <div class="col-sm-6 col-lg-6">
                    <input type="hidden" name="user" value="guest">
                    <input type="hidden" name="password" value="guest">
                    <input type="submit" name="Accept" value="authenticate">
    <FORM method="post" autocomplete="off" ACTION="http://10.200.116.11/auth/index.html/u">
            Username:<BR>
            <INPUT type="text" name="user" accesskey="u" SIZE="25" VALUE="">
            <BR>
            Password:<BR>
            <INPUT type="password" name="password" accesskey="p" SIZE="25" VALUE="">
            <BR>
            <INPUT type="submit">
        </FORM> 

     Thank you so much.

    Thuy.

     

    Index.html file



  • 4.  RE: 8.3.0.2 - External Captive portal - Clients can't get the default role

    Posted Sep 12, 2018 07:13 AM

    I taked the wireshark capture on client.

    Non-working captureNon-working captureWorking captureWorking captureWhy did controller send a Temporarily moved to client?

     



  • 5.  RE: 8.3.0.2 - External Captive portal - Clients can't get the default role

    Posted Sep 12, 2018 12:00 PM

    @tigerbt wrote:

    I taked the wireshark capture on client.

    Non-working captureNon-working captureWorking captureWorking captureWhy did controller send a Temporarily moved to client?

     


    The temporaryily moved redirect is the initial captive portal insertion. The client device tried to access some website, and the controller intercepts that and does a 302 redirect to get the client device to the captive portal page.



  • 6.  RE: 8.3.0.2 - External Captive portal - Clients can't get the default role
    Best Answer

    Posted Sep 19, 2018 03:54 AM

    Thanks Cclemmer,

    I'd downgraded cluster to version 8.2.1.0 and everything is working fine now.

    I opened a CASE but Aruba engineer haven't found out the reason.

     

    Thuy.