ArubaOS and Controllers

Reply
Highlighted
Occasional Contributor II

Re: Captive Portal Problem

Ok but after authentication users are push to user role :

intial-role : logon
after authentication : authenticated (for example)

In the user role (after authentication) you must have an acl that redirect https session send to your controller to port 8081 to allow the logout page. This acl have to be define before allowing web access

ip access-list session web-logout
any alias mswitch svc-https dst-nat 8081
!

ip access-list sesion web
any any svc-http permit
any any svc-https permit
!

user-role guest
session-acl control
session-acl web-logout
session-acl web
.....
Highlighted
Regular Contributor I

Re: Captive Portal Problem



In the user role (after authentication) you must have an acl that redirect https session send to your controller to port 8081 to allow the logout page. This acl have to be define before allowing web access

ip access-list session web-logout
any alias mswitch svc-https dst-nat 8081
!

.....




perfect , that was the missing entry, cause i changed the guest-role with the policies and now it looks like this for the guest-role :

"deny-private-Subnets" (one of the policies for the guest-role)
ip access-list session deny-private-Subnets
any network 10.0.0.0 255.0.0.0 any deny log
any network 172.16.0.0 255.240.0.0 any deny log
any network 192.168.0.0 255.255.0.0 any deny log
user host xxx.xxx.xxx.xxx any deny log (our external ISP-IP of the controller)
any any any permit log


"allow-any-guest" (the policy below above deny-private):
ip access-list session allow-any-guest
network 192.168.111.0 255.255.255.0 any any permit log


and now the new one above those 2 listed here:

ip access-list session guest-web-logout
any alias mswitch svc-https permit log

now the guest-role looks like this :

user-role guest
vlan 2109
captive-portal "default"
session-acl guest-web-logout
session-acl deny-private-Subnets
session-acl allow-any-guest


now the LOGOUT button popup is shown properly. fine. thanks ;-)
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: