Security

last person joined: an hour ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Captive Portal - Win XP Issue ONLY

  • 1.  Captive Portal - Win XP Issue ONLY

    Posted Apr 20, 2013 12:41 PM

    So everything seems to work fine on OSX/iOS/Android/7/8... however, I have a user who is experiencing problems with his Windows XP box. Here is the problem as he describes it:

     

    He brings up a browser (does the same thing with IE8, Firefox 20, or Chrome) and it takes about 4 and a half minutes for him to even see the captive portal splash page. Once he clicks "ACCEPT" to get on the network, it takes an additional 30 seconds before finally landing him at google.

     

    Has anyone ever heard of this? (CONTENT OMIITTED FOR BREVITY)

     

    BTW - Lodge 5 is the hotel lodge this user is in. You can see I adjusted the MTU to 1400 to try and attack the problem already.

     

    version 6.2
    hostname "LA_CHEYENNE_MASTER"
    clock timezone 0
    location "Building1.floor1"
    controller config 66
    ip cp-redirect-address 192.168.31.3
    ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
    ip access-list eth validuserethacl
    permit any

     

     

    ip default-gateway 10.13.50.1
    uplink disable

     

    aaa profile "CaptivePortal-aaa"
    initial-role "guest-logon"
    !
    aaa profile "default"
    !
    aaa authentication captive-portal "Captive-Portal_prof"
    default-role "authenticated"
    redirect-pause 3
    no user-logon
    protocol-http
    show-acceptable-use-policy

    !
    aaa authentication wispr "default"
    !
    aaa authentication vpn "default"
    !
    aaa authentication vpn "default-rap"
    !
    aaa authentication mgmt
    !
    aaa authentication stateful-ntlm "default"
    !
    aaa authentication stateful-kerberos "default"
    !
    aaa authentication stateful-dot1x
    !
    aaa authentication wired
    profile "CaptivePortal-aaa"
    !

    ap system-profile "AP_SYSTEM_PROFILE_A"
    rf-band a
    led-mode off
    mtu 1400
    !
    ap system-profile "AP_SYSTEM_PROFILE_G"
    led-mode off
    mtu 1400
    !
    ap system-profile "apsys_prof-gxh88"
    !
    ap system-profile "default"
    led-mode off
    mtu 1400
    !
    ap system-profile "LODGE1_APSYSTEMPROFILE_A"
    rf-band a
    !
    ap system-profile "LODGE2_APSYSTEMPROFILE_A"
    rf-band a
    !
    ap system-profile "LODGE3_APSYSTEMPROFILE_A"
    rf-band a
    !
    ap system-profile "LODGE4_APSYSTEMPROFILE_A"
    rf-band a
    !
    ap system-profile "LODGE5_APSYSTEMPROFILE_A"
    rf-band a
    led-mode off
    mtu 1400
    !
    ap system-profile "LODGE5_APSYSTEMPROFILE_BG"
    led-mode off
    mtu 1400
    !

    !
    wlan virtual-ap "VAP_LACheyenneGuest"
    aaa-profile "CaptivePortal-aaa"
    ssid-profile "SSID_LACheyenneGuest"
    vlan 312
    !
    wlan virtual-ap "VAP_LACheyenneGuest_L2"
    aaa-profile "CaptivePortal-aaa"
    ssid-profile "SSID_LACheyenneGuest"
    vlan 322
    !
    wlan virtual-ap "VAP_LACheyenneGuest_L3"
    aaa-profile "CaptivePortal-aaa"
    ssid-profile "SSID_LACheyenneGuest"
    vlan 332
    !
    wlan virtual-ap "VAP_LACheyenneGuest_L4"
    aaa-profile "CaptivePortal-aaa"
    ssid-profile "SSID_LACheyenneGuest"
    vlan 342
    !
    wlan virtual-ap "VAP_LACheyenneGuest_L5"
    ssid-profile "SSID_LACheyenneGuest"
    vlan 352
    !

    !
    ap-group "CHY_LODGE5_93H-2.4"
    virtual-ap "VAP_LACheyenne_L5"
    dot11a-radio-profile "RF-AP-a-Off"
    dot11g-radio-profile "RF-AP-g-on"
    enet1-port-profile "CHY_Lodge5WiredAP"
    enet2-port-profile "CHY_Lodge5WiredAP"
    enet3-port-profile "CHY_Lodge5WiredAP"
    enet4-port-profile "CHY_Lodge5WiredAP"
    ap-system-profile "AP_SYSTEM_PROFILE_G"
    !
    ap-group "CHY_LODGE5_93H-5.0"
    virtual-ap "VAP_LACheyenne_L5"
    virtual-ap "WiFi_Admin"
    dot11a-radio-profile "RF-AP-a-on"
    dot11g-radio-profile "RF-AP-g-Off"
    enet1-port-profile "CHY_Lodge5WiredAP"
    enet2-port-profile "CHY_Lodge5WiredAP"
    enet3-port-profile "CHY_Lodge5WiredAP"
    enet4-port-profile "CHY_Lodge5WiredAP"
    ap-system-profile "AP_SYSTEM_PROFILE_A"
    !
    ap-group "default"
    !
    logging level warnings security subcat ids
    logging level warnings security subcat ids-ap

    snmp-server enable trap

    process monitor log
    end

     



  • 2.  RE: Captive Portal - Win XP Issue ONLY

    Posted Apr 20, 2013 12:47 PM

    Did you try a different Windows XP computer?

     



  • 3.  RE: Captive Portal - Win XP Issue ONLY

    Posted Apr 20, 2013 12:52 PM

    I don't have that ability; however there is one other user in the hotel somewere on XP who is stuck in the logon role, so I'm guessing he may be running into the same issue. I only have a Windows 8 VM to test with, OSX, Droid and iPhone here.



  • 4.  RE: Captive Portal - Win XP Issue ONLY

    Posted Apr 20, 2013 02:11 PM
    Just for a test to aid troubleshooting.. ask the user to shut off his windows firewall. I've encountered this same issue, but only when captive portal is on Clearpass in a different network/subnet.