Security

last person joined: 7 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Not Redirecting to Amigopod Captive Portal

  • 1.  Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 04:12 PM

    I'm hoping someone has seen the same issue I've run into now.  I followed the ArubaOS Integration guide for AmigoPod but when connecting a client to the wireless network, I never see the captive portal, the client times out with a page cannot be displayed.  I can resolve DNS and ping to the Internet.  I can also pull up the page of the captive portal manually.

     

    Suggestions anyone?



  • 2.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 04:26 PM

    If you can pull up the page manually thats a good sign and rules out a bunch of things.  Based on these symptoms it must be getting stuck at the redirect, I would check:

     

    - For your "initial-role" do you have the right captive portal profile set

    - In that captive portal profile is the right login page set (to point to Amigopod page) and is in the format of "https://<amigopod-ip>/<page-name>.php"?

     

     



  • 3.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 04:53 PM

    The initial role does have the correct captive portal set.  Also, the captive portal profile is in the format "https://<amigopod-ip>/pagename.php



  • 4.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 04:56 PM

    If you can open that page direct, and the config is correct, typically this would be a DNS issue, but you state that is working.  Can you post the relevant config (roles, policies, aaa profiles, captive portal profiles, etc) as well as a "show user"?



  • 5.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 05:09 PM

    user-role amigopod-role
     captive-portal "Amigopod-CP"
     access-list session amigopod
     access-list session guest-logon-access

     

    ip access-list session amigopod
      user   alias AmigoPod svc-https permit
      user   alias AmigoPod svc-http permit

    aaa authentication-server radius "AmigoPod-Server"
       host "x.x.x.x"
       key c9364ecca4168a429bfdf7725179ea2ef0ddf3aea2f69f32
       nas-identifier "aruba-3200"
       nas-ip y.y.y.y

     

    aaa server-group "amigopod-group"
     auth-server AmigoPod-Server

     

    aaa profile "AmigoPod-AAA"
       initial-role "amigopod-role"
       radius-accounting "amigopod-group"
       rfc-3576-server "x.x.x.x"

     

    aaa authentication captive-portal "Amigopod-CP"
       server-group "amigopod-group"
       redirect-pause 3
       no logout-popup-window
       login-page "https://x.x.x.x/Login_Page.php"
       welcome-page "https://x.x.x.x/Welcome_Page.php"
       no enable-welcome-page
       switchip-in-redirection-url

     

    wlan virtual-ap "amigopod-demo-vap"
       aaa-profile "AmigoPod-AAA"
       ssid-profile "amigopod-ssid-prof"
       vlan 1723

     

    (Aruba3200) #show user

    Users
    -----
        IP               MAC            Name     Role           Age(d:h:m)  Auth  VPN link  AP name            Roaming   Essid/Bssid/Phy                       Profile       Forward mode  Type
    ----------      ------------       ------    ----           ----------  ----  --------  -------            -------   ---------------                       -------       ------------  ----
    172.31.254.104  c8:bc:c8:de:d6:ea            amigopod-role  00:00:00                    d8:c7:c8:c3:34:b0  Wireless  reynholm-demo/d8:c7:c8:b3:4b:11/a-HT  AmigoPod-AAA  tunnel        OS X

     

    Also note that I have tested with multiple platforms.  OS X, Windows 7, iPad as well as with Firefox and IE.



  • 6.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 05:41 PM

    I would suggest having a look at the configuration of your initial role. It should include the captiveportal policy entries as shown in the App Note extract below:

     

    user-role "guest-logon"

    access-list session "amigopod" position 1

    access-list session "captiveportal" position 2

    access-list session "guest-logon-access" position 3

    access-list session "block-internal-access" position 4

    access-list session "v6-logon-control" position 5

    access-list session "captiveportal6" position 6

    captive-portal "guestnet"

     

    This policy is the one that actually enables the controller to perform the HTTP 302 redirect to the Amigopod landing page defined in your Captive Portal policy.

     

    Hope this helps

     

    Cam.



  • 7.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 31, 2011 09:55 AM

    Which ArubaOS version are U using? Something very similar happened to me with version 5.0.x (I can't remember the exact version) and it got fixed by upgrading to ArubaOS 6.1 (read the release notes If you're going to do this, 'cause you'll probably need to do a 2 step upgrade).

     

    In my case, when I did an nslookup (with an external web portal configured) from the client device I always got the controllers IP address instead of the IP I was trying to resolve. This only happened with an external web portal, not with the internal one. Once I upgraded the SW everything started working as expected.



  • 8.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Jan 04, 2012 10:30 AM

    I'm currently running ArubaOS 6.1.  So far using the document provided in an earlier post as well as the Aruba application note, I haven't gotten any further.  When I do a nslookup I do get the IP of the site requested, not the IP of the controller.



  • 9.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Jan 04, 2012 02:12 PM

    Once your test client has connected to the guest ssid, try doing a show user-table from the CLI and check what initial role the device is in. You need to then make sure the captiveportal policy is listed in this Role similar to my previous post.



  • 10.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Jan 31, 2012 09:54 AM

    Thank you all for your help.  I've gotten one step further and can now get the captive portal redirecting properly to force a login, VLAN associated with the guest wireless was missing an IP.  However, after I login it looks like it's trying to pass credentials to the controller IP but then the browser fails with a message stating the connection was interrupted.



  • 11.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Feb 01, 2012 02:23 PM

    I would suggest checking what IP address or hostname you have configured in the Amigopod Web Login setup. This address will need to be accessible from the guest device based on the VLAN and firewall rules included in your initial role.



  • 12.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 11:40 PM
      |   view attached

     

    TRY this document 

     

    ...

    Attachment(s)



  • 13.  RE: Not Redirecting to Amigopod Captive Portal

    Posted Dec 29, 2011 11:41 PM
      |   view attached

    Try this Document and make sure ur configuration by comparing this guide ......and main point is check the

    ip access-list session on captiveportal and make sure u have added the net destination pointed towards amigopod ( adding net- destination is there in configuration > strateful firewall >net -dst )

     

     

    ...

    Attachment(s)