Controllerless Networks

Reply
Highlighted
Occasional Contributor I

CP doesn't work in IAP207

Hi !

 

We have 3 IAP 207, with 2 SSID, one SSID for corporate using MAC access and the other one SSID for guest, using user/pass in captive portal embebed.

 

The problem is when some client connect to guest SSID the captive portal doesn't open.

 

Name:
Aruba Operating System Software
Type:
207
Build Time:
2019-02-14 07:15:35 UTC (build 69128) by p4build
Version:
8.3.0.6

http://www.arubanetworks.com

It was running fine until now.

 

Thanks in advance,

 

MVP Guru

Re: CP doesn't work in IAP207

There could be a few reasons as to why the Captive Portal is not displayed. Firstly, is this the internal Captive Portal on the IAP or an External Captive Portal such as CPPM.

 

Does your Captive Portal have a publicly assigned certificate installed? Different clients will have different behaviour when a invalid cert is installed which could result in the Captive Portal not being displayed.

 

Are the Clients assigned a valid and working DNS server (e.g can you do a nslookup from the Guest VLAN)?. The VC will intercept the clients DNS reply and re-direct to the Captive Portal. If there is no working DNS server, there will be no DNS reply and no Capitve Portal displayed.

 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: CP doesn't work in IAP207

The problem is the certificate embebed in the IAP controller.

It's not valid to the browsers and cut the connection.

How Can I use a valid certificated from Aruba ?

MVP Guru

Re: CP doesn't work in IAP207

You will need to upload your own valid certificate to the VC.

 

https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: CP doesn't work in IAP207

Occasional Contributor I

Re: CP doesn't work in IAP207

Which Type of certificated I have to generate and update ?

MVP Guru

Re: CP doesn't work in IAP207

You will need to create a publically signed certificate (of your choice) for the Captive Portal? Did you take a look at the below, as this provides all of the information.

 

https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814

 

And for the cert :

 

https://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#UG_files/Authentication/Certificates.htm


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: CP doesn't work in IAP207

Thanks, 

 

I'm not sure  I need to create a publically signed certificate.

I would like to implement the easier solution in order to have the captive portal working properly again.

 

I only need to use the internal captive portal to validate users in the guest SSID. What is your recommendations to implement the easier way ?

 

Thanks in advanced.

MVP Guru

Re: CP doesn't work in IAP207

Hey, you will need a valid certificate on the Captive Portal regardless. If you have no control of the devices which will be using the Captive Portal, then you will need a publically signed certificate. Reason being is the Certificate Store on the untrusted device should contain the Root CA of the certificate which you are using.


If you do have control over the devices (e.g company owned devices) then you will have control over the trust store on the device.

 

There is the HTTP options but any credentials will be sent in clear text.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor I

Re: CP doesn't work in IAP207

How Can I set Http options ?
Despite this http option someday browsers reject http connections and will
have the same problem.

Thanks,

Fco. Javier Sánchez
Infraestructuras • Comunicaciones • Ciberseguridad
T. 670 07 14 31 · fjsanchez@neotica.net
Carrer de l'Empordà, 35
08192 Sant Quirze del Vallès
Barcelona
Tel. 93 159 31 31· www.neotica.net
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: