Security

last person joined: 2 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass Guest Captiveportal Redirect Incorrectly

Jump to Best Answer
  • 1.  ClearPass Guest Captiveportal Redirect Incorrectly

    Posted Jul 27, 2015 05:17 PM

    We has been opened guest, but now I need to deploy ClearPass guest in hospital for a marketing purpose. Everything seems to work correctly except this one:
    I create a Web Logins in ClearPass Guest, when I click Test it works correctly, the page address is:
    http://cp01.lab.net/guest/test.php
    However, when a user connect to guest ssid, the page redirects to:
    http://172.18.1.1cp01.lab.net/guest/test.php
    Where 172.18.1.1 is the controller IP address. If I remove 172.18.1.1 from the link, it works.
    How can I fix this Captive portal redirection?
    My AOS 6.4.2.8, CPPM 6.5.1.72346, and I use default securelogin.arubanetworks.com
    My captive portal:

    (aruba-master) #show aaa authentication captive-portal Test
    
    Captive Portal Authentication Profile "Test"
    --------------------------------------------
    Parameter                                          Value
    ---------                                          -----
    Default Role                                       guest
    Default Guest Role                                 guest
    Server Group                                       RADIUS
    Redirect Pause                                     10 sec
    User Login                                         Enabled
    Guest Login                                        Disabled
    Logout popup window                                Enabled
    Use HTTP for authentication                        Enabled
    Logon wait minimum wait                            5 sec
    Logon wait maximum wait                            10 sec
    logon wait CPU utilization threshold               60 %
    Max Authentication failures                        0
    Show FQDN                                          Disabled
    Authentication Protocol                            PAP
    Login page                                         cp01.lab.net/guest/test.php
    Welcome page                                       /auth/welcome.html
    Show Welcome Page                                  No
    Add switch IP address in the redirection URL       Disabled
    Adding user vlan in redirection URL                Disabled
    Add a controller interface in the redirection URL  N/A
    Allow only one active user session                 Disabled
    White List                                         N/A
    Black List                                         N/A
    Show the acceptable use policy page                Disabled
    User idle timeout                                  N/A
    Redirect URL                                       N/A
    Bypass Apple Captive Network Assistant             Disabled
    URL Hash Key                                       N/A

    Thanks,



  • 2.  RE: ClearPass Guest Captiveportal Redirect Incorrectly

    Posted Jul 27, 2015 05:49 PM

    Check the initial role that the user is getting assigned and verify that the Captive portal profile is the correct one 



  • 3.  RE: ClearPass Guest Captiveportal Redirect Incorrectly

    Posted Jul 27, 2015 05:55 PM

    Thanks for reply. The logon is correct captiveportal profile:

    (aruba-master) #show rights Test-logon
    
    Derived Role = 'Test-logon'
     Up BW:No Limit   Down BW:No Limit
     L2TP Pool = default-l2tp-pool
     PPTP Pool = default-pptp-pool
     Periodic reauthentication: Disabled
     DPI Classification: Enabled
     Web Content Classification: Enabled
     ACL Number = 104/0
     Max Sessions = 65535
    
     Check CP Profile for Accounting = TRUE
     Captive Portal profile = Test
    
    Application Exception List
    --------------------------
    Name  Type
    ----  ----
    
    Application BW-Contract List
    ----------------------------
    Name  Type  BW Contract  Id  Direction
    ----  ----  -----------  --  ---------
    
    access-list List
    ----------------
    Position  Name                   Type     Location
    --------  ----                   ----     --------
    1         global-sacl            session
    2         apprf-Test-logon-sacl  session
    3         CCPM                   session
    4         logon-control          session
    5         captiveportal          session
    
    ......

     

     

     



  • 4.  RE: ClearPass Guest Captiveportal Redirect Incorrectly

    Posted Jul 27, 2015 08:46 PM
    Can you confirm that the user is getting that initial role ?

    show user-table | include <mac address>


  • 5.  RE: ClearPass Guest Captiveportal Redirect Incorrectly

    Posted Jul 27, 2015 10:30 PM

    Yes, confirm.  User connects and gets initial role Test-logon, and redirects to captiveportal Test.

    If I change the captiveportal login page to controller default /auth/index.html, it works.

    This is my Web login:

      Capture.PNG



  • 6.  RE: ClearPass Guest Captiveportal Redirect Incorrectly

    Posted Jul 28, 2015 08:57 AM
    Everything looks good, this is odd

    Try a couple of things:
    - Change the URL in the Captive portal profile to reflect the IP of CPPM instead of the DNS name and see what happens
    - Try recreating the a Captive portal profile and add whitelist CPPM and remove it from the ACL from the user-role
    - Run the packet capture and see what's going on there
    - Try another browser


  • 7.  RE: ClearPass Guest Captiveportal Redirect Incorrectly
    Best Answer

    Posted Jul 28, 2015 06:40 PM

    After multiple attempts I found the solution. It is quite simple:

     

    In my Captive portal profile check this line:

    Login page   cp01.lab.net/guest/test.php

    Change to

    Login page    http://cp01.lab.net/guest/test.php

    Problem SOLVED!

    Many thanks to Victor for your helps



  • 8.  RE: ClearPass Guest Captiveportal Redirect Incorrectly

    Posted Jul 28, 2015 07:12 PM
    haha good catch i def missed it