Controllerless Networks

last person joined: 4 minutes ago 

Aruba Instant Wi-Fi: Meet the controllerless Wi-Fi solution that's easy to set-up, is loaded with security and smarts, and won't break your budget.
Expand all | Collapse all

CP doesn't work in IAP207

Jump to Best Answer
  • 1.  CP doesn't work in IAP207

    Posted Jul 18, 2019 11:49 AM

    Hi !

     

    We have 3 IAP 207, with 2 SSID, one SSID for corporate using MAC access and the other one SSID for guest, using user/pass in captive portal embebed.

     

    The problem is when some client connect to guest SSID the captive portal doesn't open.

     

    Name:
    Aruba Operating System Software
    Type:
    207
    Build Time:
    2019-02-14 07:15:35 UTC (build 69128) by p4build
    Version:
    8.3.0.6

    http://www.arubanetworks.com

    It was running fine until now.

     

    Thanks in advance,

     



  • 2.  RE: CP doesn't work in IAP207

    Posted Jul 19, 2019 03:45 AM

    There could be a few reasons as to why the Captive Portal is not displayed. Firstly, is this the internal Captive Portal on the IAP or an External Captive Portal such as CPPM.

     

    Does your Captive Portal have a publicly assigned certificate installed? Different clients will have different behaviour when a invalid cert is installed which could result in the Captive Portal not being displayed.

     

    Are the Clients assigned a valid and working DNS server (e.g can you do a nslookup from the Guest VLAN)?. The VC will intercept the clients DNS reply and re-direct to the Captive Portal. If there is no working DNS server, there will be no DNS reply and no Capitve Portal displayed.

     



  • 3.  RE: CP doesn't work in IAP207

    Posted Sep 10, 2019 07:26 AM
      |   view attached

    The problem is the certificate embebed in the IAP controller.

    It's not valid to the browsers and cut the connection.

    How Can I use a valid certificated from Aruba ?



  • 4.  RE: CP doesn't work in IAP207

    Posted Sep 10, 2019 08:20 AM


  • 5.  RE: CP doesn't work in IAP207

    Posted Sep 10, 2019 08:55 AM


  • 6.  RE: CP doesn't work in IAP207

    Posted Sep 10, 2019 11:53 AM
      |   view attached

    Which Type of certificated I have to generate and update ?



  • 7.  RE: CP doesn't work in IAP207

    Posted Sep 10, 2019 11:57 AM

    You will need to create a publically signed certificate (of your choice) for the Captive Portal? Did you take a look at the below, as this provides all of the information.

     

    https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814

     

    And for the cert :

     

    https://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#UG_files/Authentication/Certificates.htm



  • 8.  RE: CP doesn't work in IAP207

    Posted Sep 10, 2019 12:28 PM

    Thanks, 

     

    I'm not sure  I need to create a publically signed certificate.

    I would like to implement the easier solution in order to have the captive portal working properly again.

     

    I only need to use the internal captive portal to validate users in the guest SSID. What is your recommendations to implement the easier way ?

     

    Thanks in advanced.



  • 9.  RE: CP doesn't work in IAP207

    Posted Sep 11, 2019 04:07 AM

    Hey, you will need a valid certificate on the Captive Portal regardless. If you have no control of the devices which will be using the Captive Portal, then you will need a publically signed certificate. Reason being is the Certificate Store on the untrusted device should contain the Root CA of the certificate which you are using.


    If you do have control over the devices (e.g company owned devices) then you will have control over the trust store on the device.

     

    There is the HTTP options but any credentials will be sent in clear text.



  • 10.  RE: CP doesn't work in IAP207

    Posted Sep 11, 2019 05:12 AM
    How Can I set Http options ?
    Despite this http option someday browsers reject http connections and will
    have the same problem.

    Thanks,

    Fco. Javier Sánchez
    Infraestructuras • Comunicaciones • Ciberseguridad
    T. 670 07 14 31 · fjsanchez@neotica.net
    Carrer de l'Empordà, 35
    08192 Sant Quirze del Vallès
    Barcelona
    Tel. 93 159 31 31· www.neotica.net


  • 11.  RE: CP doesn't work in IAP207
    Best Answer

    Posted Sep 11, 2019 05:42 AM

    Apologies, HTTP is only supported when using an External Captive Portal. If you wish to use the internal portal, then a certificate will be required.