Security

Hello, 

I have read through mutlipel threads regarding clients not recieving the captive portal pop-up when connecting to guest from an Apple device. We DO NOT have the CNA bypass enabled, I have opened tickets with support,  but no resolution. 

I suspect it could be the fact that captive.apple.com is not being completely allowed by policy? Below are my captive portal rules, can someone confirm if these need adjusted? I will note that currently when you connect with an Apple device you have to use firefox/chrome and browse to google.com to be redircted properly.

If you try to browse to "captive.apple.com" directly from any browser you get a "success" page. 

Thanks in advance!!

If you see the Success message in the browser, that means that either:

- captive.apple.com is allowed through the captive portal, likely through a whitelist

or

- some form of CNA bypass is enabled and spoofing the Success message to your device.

or

- there is another path from your client to captive.apple.com that is more preferred and doesn't have the redirect.

For some reason, the request is not redirected and that results in the pop up not being shown.

What you could do is to find the role that the user is in during this situation (show users on CLI, of client view in WebUI), then carefully check what is in the role (CLI: 'show rights mylogonrole' if the client is in a role named mylogonrole). In the controller CLI you could also do a 'show datapath session' to see if and how the client hits the datapath. If you don't feel comfortable to do this analysis, it may be good to involve your Aruba partner or Aruba support.