
Don't work CPPM redirect to external portal

  • 1.  Don't work CPPM redirect to external portal

    Posted Mar 20, 2019 10:25 AM

    ArubaOS 8.3.0.4.67604

    Controller 7030.

     

    Guest wlan created by task wizard.

     

    ===

    aaa authentication captive-portal "Test_Guest"
        server-group "Test_Guest"
        redirect-pause 1
        no logout-popup-window
        protocol-http
        login-page "http://172.16.60.250/index.html"
        welcome-page "http://172.16.60.250"
        no enable-welcome-page
        white-list "Test_guest"
        redirect-url "http://172.16.60.250/success.html"

    netdestination Test_guest
        host 172.16.60.250

    aaa profile "Test_Guest"
        initial-role "Test_Guest-guest-logon"
        max-ip ipv4 wireless 3
        radius-interim-accounting
        radius-acct-session-id-in-access
        reauth-wired-user-vlan-change
        enforce-dhcp

    ===

     

    172.16.60.250 is the RADIUS and web-portal server (CentOS).

    If a user, after connecting, manually enters the URL http://172.16.60.250 in the browser, he sees the login page, and after entering the login and password on the CPPM page the user can use the internet; auth succeeds.

    But the auto-redirect to the portal "http://172.16.60.250/" does not work.

    Why? Where do I have an error in the rdr-cfg?



  • 2.  RE: Don't work CPPM redirect to external portal

    MVP EXPERT
    Posted Mar 20, 2019 10:35 AM

    Does your initial role "Test_Guest-guest-logon" contain the captiveportal ACL? Is your client also assigned a valid and working DNS server? Have you also replaced the default cert on the controller?



  • 3.  RE: Don't work CPPM redirect to external portal

    Posted Mar 20, 2019 10:42 AM

    ===

    user-role Test_Guest-guest-logon
        captive-portal "Test_Guest"
        access-list session global-sacl
        access-list session apprf-test_guest-guest-logon-sacl
        access-list session logon-control
        access-list session captiveportal
        access-list session v6-logon-control
        access-list session captiveportal6

    ===

     

    Yes, DNS works for users, and domain names resolve normally after connecting (both before and after a successful manual login).



  • 4.  RE: Don't work CPPM redirect to external portal

    MVP EXPERT
    Posted Mar 20, 2019 10:45 AM
    Is the client attempting to be re-directed from a HTTP or HTTPS page? Are
    you still using the default certificate?


  • 5.  RE: Don't work CPPM redirect to external portal

    Posted Mar 20, 2019 10:55 AM

    No, the client is not attempting to be redirected from an HTTP or HTTPS page.
    Yes, I am using the default certificate.
    If the user did not manually go to the portal page, then when he tries to go to any website he sees "It is impossible to open the page"; in nslookup the domain resolves at that moment.

    Does anyone have the correct config to use an external portal? I would be very grateful for an example. I'm afraid the wizard creates something wrong. To tell the truth, following the documentation manually gave the same result :(

    But here is the most interesting thing - I have one more controller, the same one, and everything was created correctly on it, everything works fine. Already from there I’m going to transfer settings through the cli - but again with the same result - the auto-redirect after connect to wifi does not work :(

     

    I'm at a dead end :( Help pls...



  • 6.  RE: Don't work CPPM redirect to external portal

    Posted Mar 20, 2019 11:08 AM

    I am thinking of doing a full reset of this device; maybe some bug is incurable now. But I have 60 named access points there. Is it possible to restore the access points and their names after a full reset and format, or will I have to manually fill them all in again?



  • 7.  RE: Don't work CPPM redirect to external portal

    MVP EXPERT
    Posted Mar 20, 2019 11:13 AM

    I would not factory reset the device as this should work as expected. I would strongly recommend replacing the default cert as this will break your Captive Portal regardless of whether the client is trying to redirect from the HTTPS page.

     

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Controllers/ta-p/275809

     

    If you look at the datapath session do you see the client attempting to access the Captive Portal automatically via a re-direct?



  • 8.  RE: Don't work CPPM redirect to external portal

    Posted Mar 20, 2019 11:21 AM

    Thanks, I will try tomorrow. I will collect more information and write the result here.



  • 9.  RE: Don't work CPPM redirect to external portal

    Posted Mar 20, 2019 12:05 PM

    ClearPass has the option to test the login pages, and you usually copy the URL and paste it into the captive-portal profile on your controller. So, does your RADIUS have something like that? Maybe it is something in the URL itself that does not let the browser redirect automatically.

     

    Also make sure that you're allowing http/https to your radius server, dns and dhcp services under your guest role.



  • 10.  RE: Don't work CPPM redirect to external portal
    Best Answer

    Posted Mar 21, 2019 04:07 AM

    It's magic, but today everything works fine after a full reboot of all APs and this controller.

    Thanks for the answers, all!
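
The configuration questions raised in replies 2 and 9 (captive-portal profile and captiveportal ACL on the initial role, portal host allowed before login) can be checked mechanically. The following Python is an added example, not part of the thread and not an Aruba tool; `CONFIG` is a re-indented, shortened copy of the configuration posted above, and `parse`, `value` and `check` are hypothetical helper names.

```python
from urllib.parse import urlparse

# Re-indented, shortened copy of the configuration posted in the thread.
CONFIG = """\
aaa authentication captive-portal "Test_Guest"
    login-page "http://172.16.60.250/index.html"
    white-list "Test_guest"
netdestination Test_guest
    host 172.16.60.250
aaa profile "Test_Guest"
    initial-role "Test_Guest-guest-logon"
user-role Test_Guest-guest-logon
    captive-portal "Test_Guest"
    access-list session captiveportal
"""

def parse(text):
    """Group indented lines under their unindented header line."""
    blocks, current = {}, None
    for raw in filter(str.strip, text.splitlines()):
        line = raw.replace('"', "").strip()
        if raw[0].isspace() and current:
            blocks[current].append(line)
        else:
            current = line
            blocks[current] = []
    return blocks

def value(lines, key):
    """Argument of the first line that starts with `key`, or None."""
    return next((l[len(key) + 1:] for l in lines if l.startswith(key + " ")), None)

def check(text, aaa_profile):
    """Return findings for the redirect chain of one AAA profile."""
    b, findings = parse(text), []
    role = value(b.get(f"aaa profile {aaa_profile}", []), "initial-role")
    role_lines = b.get(f"user-role {role}", [])
    portal = value(role_lines, "captive-portal")
    if portal is None:
        findings.append("initial role has no captive-portal profile")
    if "access-list session captiveportal" not in role_lines:
        findings.append("initial role lacks the captiveportal ACL")
    cp = b.get(f"aaa authentication captive-portal {portal}", [])
    login = value(cp, "login-page")
    host = urlparse(login).hostname if login else None
    dest = b.get(f"netdestination {value(cp, 'white-list')}", [])
    if f"host {host}" not in dest:
        findings.append("login-page host is not in the white-list netdestination")
    return findings

print(check(CONFIG, "Test_Guest") or "no findings")
```

The posted configuration yields no findings, which is consistent with the thread's outcome: the redirect started working after a reboot, with no configuration change.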