Wireless Access

 View Only
  • 1.  Captive Portal URL loop

    Posted Jul 21, 2014 01:20 PM

    Greetings.

    I'm having a devil of a time figuring out the source of a captive portal redirect loop. I have an AP in a group with a captive portal that is working fine for our entire enterprise. The captive portal page looks remarkably like the one here with an "I Accept" button: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-154

     

    I'm trying to create a new SSID with the campus WAN wizard and copy the working captive portal page. I've copied all the settings (initial role, etc) from the working one to the best of my ability. The signon URL of the working one shows AP group, IP address, MAC, etc. ie:

     

    https://securelogin.arubanetworks.com/upload/custom/la_open-cp_prof/public_wireless_internet_access.htm?cmd=login&mac=00:24:2b:97:51:8c&ip=172.35.167.60&essid=oabc_open&apname=d8%3Ac7%3Ac8%3Ac2%3Ac8%3A6c&apgroup=OABC_CP_OPEN&url=http%3A%2F%2Fgoogle.com%2F

     

    I'm keeping the AP in the same group (OABC_CP_OPEN). I go to Management > Captive Portal > Upload > and upload the exact same HTML (with the file renamed) as Captive Portal Login (top level).

    When I go to Security > Authentication > L3 Authentication the working one reads: /upload/custom/la_open-cp_prof/public_wireless_internet_access.htm

     

    I copy the same HTML page renamed to oabc_public_wireless_internet_access.htm, change the Security > Authentication > L3 Authentication > login page variable to /upload/custom/oabc_open-cp_prof/oabc_public_wireless_internet_access.htm and when the captive portal page tries to load it blows up and shows the IP, MAC, AP group, etc, over and over:

     

    https://securelogin.arubanetworks.com/upload/custom/oabc_open-cp_prof/oabc_public_wireless_internet_access.htm?cmd=login&mac=00:24:2b:97:51:8c&ip=172.35.167.60&essid=oabc%5Fopen&apname=d8%3Ac7%3Ac8%3Ac2%3Ac8%3A6c&apgroup=OABC_CP_OPEN&url=https%3A%2F%2Fsecurelogin%2Earubanetworks%2Ecom%2Fupload%2Fcustom%2Foabc%5Fopen%2Dcp%5Fprof%2Foabc%5Fpublic%5Fwireless%5Finternet%5Faccess%2Ehtm%3Fcmd%3Dlogin%26mac%3D00%3A24%3A2b%3A97%3A51%3A8c%26ip%3D172%2E35%2E167%2E60%26essid%3Doabc%255Fopen%26apname%3Dd8%253Ac7%253Ac8%253Ac2%253Ac8%253A6c%26apgroup%3DOABC%5FCP%5FOPEN%26url%3Dhttps%253A%252F%252Fsecurelogin%252Earubanetworks%252Ecom%252Fupload%252Fcustom%252Foabc%255Fopen%252Dcp%255Fprof%252Foabc%255Fpublic%255Fwireless%255Finternet%255Faccess%252Ehtm%253Fcmd%253Dlogin%2526mac%253D00%253A24%253A2b%253A97%253A51%253A8c%2526ip%253D172%252E35%252E167%252E60%2526essid%253Doabc%25255Fopen%2526apname%253Dd8%25253Ac7%25253Ac8

     

     

    If I leave everything else the same and change the login variable to the working one: /upload/custom/la_open-cp_prof/public_wireless_internet_access.htm it works fine. So, just flip flopping the login page variable will fix it or break it.

     

    So essentially, two SSID's same HTML and the only thing I change is the log on variable. Clearly I've missed something. Does any of this make sense and does anyone have a suggestion on where to look given my rambling description?

     

    Thanks,

    Scott.

     

    PS. I'm also having trouble showing the entire URL's. This post truncates it.



  • 2.  RE: Captive Portal URL loop

    Posted Jul 21, 2014 09:39 PM

    Can you share the following to compare:

     

    show rights <logon-role1>

    show rights <logon-role2>

     

    show aaa authentication captive-portal <nameofcaptiveportal1>  (captive portal shown in show rights1)

    show aaa authentication captive-portal <nameofcaptiveportal2>  (captive portal shown in show rights2)

     

    can you also share the HTML page that is not working?

     



  • 3.  RE: Captive Portal URL loop

    Posted Jul 24, 2014 09:18 PM

    Thanks for the quick reply. Sorry that my response isn't as fast. I've been fighting a bug (analog, not digital). I've attatched the requested info.



  • 4.  RE: Captive Portal URL loop

    Posted Jul 28, 2014 11:59 PM

    Hi Scott,

    Name wise, you attached public_wireless_internet_access.htm , but according to your post this may be the  'ok' one, whereas oabc_public_wireless_internet_access.htm maybe is the one that you meant to post. Can you confirm ?

    regards

    -jeff



  • 5.  RE: Captive Portal URL loop

    Posted Jul 29, 2014 12:12 PM
      |   view attached

    The HTML is the exact same for both. Only the name has changed.

    Sorry, that was confusing. But yes, it's something about the oabc profile or something that is acting up.

     

    Thanks for the reply.

     

    Scott.

    Attachment(s)



  • 6.  RE: Captive Portal URL loop

    Posted Jul 30, 2014 01:00 AM

    Scott

    that is strange, the html is, as you state, identical and benign. Can you confirm after putting this "faulty" one back, that if you use a browser in privacy mode (and/or flush everything out) that you still see the issue? Does this loop happen on the initial redirect, or, after you press "I Accept"

     

    Suggestion, put the CP to http (in the CP profile, allow http) , clear your browser cache, start wireshark, browse to some http:// website and capture what goes on, have a close look at the 302 redirect that comes back, it should be pointing to your login file.

     

    append the wireshark cap here if you like

     

    regards

    -jeff



  • 7.  RE: Captive Portal URL loop

    Posted Jul 30, 2014 12:22 PM

    @sdencar wrote:

     

    PS. I'm also having trouble showing the entire URL's. This post truncates it.


    Sorry not a usefull response to your problem but just a fyi about the url truncation.

    Check http://community.arubanetworks.com/t5/Community-Feedback/code-brackets/td-p/186140 for a discussion about this.