I'm hoping someone has seen the same issue I've run into now. I followed the ArubaOS Integration guide for AmigoPod but when connecting a client to the wireless network, I never see the captive portal, the client times out with a page cannot be displayed. I can resolve DNS and ping to the Internet. I can also pull up the page of the captive portal manually.
If you can pull up the page manually thats a good sign and rules out a bunch of things. Based on these symptoms it must be getting stuck at the redirect, I would check:
- For your "initial-role" do you have the right captive portal profile set
- In that captive portal profile is the right login page set (to point to Amigopod page) and is in the format of "https://<amigopod-ip>/<page-name>.php"?
The initial role does have the correct captive portal set. Also, the captive portal profile is in the format "https://<amigopod-ip>/pagename.php
If you can open that page direct, and the config is correct, typically this would be a DNS issue, but you state that is working. Can you post the relevant config (roles, policies, aaa profiles, captive portal profiles, etc) as well as a "show user"?
user-role amigopod-role captive-portal "Amigopod-CP" access-list session amigopod access-list session guest-logon-access
ip access-list session amigopod user alias AmigoPod svc-https permit user alias AmigoPod svc-http permit
aaa authentication-server radius "AmigoPod-Server" host "x.x.x.x" key c9364ecca4168a429bfdf7725179ea2ef0ddf3aea2f69f32 nas-identifier "aruba-3200" nas-ip y.y.y.y
aaa server-group "amigopod-group" auth-server AmigoPod-Server
aaa profile "AmigoPod-AAA" initial-role "amigopod-role" radius-accounting "amigopod-group" rfc-3576-server "x.x.x.x"
aaa authentication captive-portal "Amigopod-CP" server-group "amigopod-group" redirect-pause 3 no logout-popup-window login-page "https://x.x.x.x/Login_Page.php" welcome-page "https://x.x.x.x/Welcome_Page.php" no enable-welcome-page switchip-in-redirection-url
wlan virtual-ap "amigopod-demo-vap" aaa-profile "AmigoPod-AAA" ssid-profile "amigopod-ssid-prof" vlan 1723
(Aruba3200) #show userUsers----- IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ----172.31.254.104 c8:bc:c8:de:d6:ea amigopod-role 00:00:00 d8:c7:c8:c3:34:b0 Wireless reynholm-demo/d8:c7:c8:b3:4b:11/a-HT AmigoPod-AAA tunnel OS X
Also note that I have tested with multiple platforms. OS X, Windows 7, iPad as well as with Firefox and IE.
I would suggest having a look at the configuration of your initial role. It should include the captiveportal policy entries as shown in the App Note extract below:
access-list session "amigopod" position 1
access-list session "captiveportal" position 2
access-list session "guest-logon-access" position 3
access-list session "block-internal-access" position 4
access-list session "v6-logon-control" position 5
access-list session "captiveportal6" position 6
This policy is the one that actually enables the controller to perform the HTTP 302 redirect to the Amigopod landing page defined in your Captive Portal policy.
Hope this helps
Which ArubaOS version are U using? Something very similar happened to me with version 5.0.x (I can't remember the exact version) and it got fixed by upgrading to ArubaOS 6.1 (read the release notes If you're going to do this, 'cause you'll probably need to do a 2 step upgrade).
In my case, when I did an nslookup (with an external web portal configured) from the client device I always got the controllers IP address instead of the IP I was trying to resolve. This only happened with an external web portal, not with the internal one. Once I upgraded the SW everything started working as expected.
I'm currently running ArubaOS 6.1. So far using the document provided in an earlier post as well as the Aruba application note, I haven't gotten any further. When I do a nslookup I do get the IP of the site requested, not the IP of the controller.
Once your test client has connected to the guest ssid, try doing a show user-table from the CLI and check what initial role the device is in. You need to then make sure the captiveportal policy is listed in this Role similar to my previous post.
Thank you all for your help. I've gotten one step further and can now get the captive portal redirecting properly to force a login, VLAN associated with the guest wireless was missing an IP. However, after I login it looks like it's trying to pass credentials to the controller IP but then the browser fails with a message stating the connection was interrupted.
I would suggest checking what IP address or hostname you have configured in the Amigopod Web Login setup. This address will need to be accessible from the guest device based on the VLAN and firewall rules included in your initial role.
TRY this document
Try this Document and make sure ur configuration by comparing this guide ......and main point is check the
ip access-list session on captiveportal and make sure u have added the net destination pointed towards amigopod ( adding net- destination is there in configuration > strateful firewall >net -dst )
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.