Controllerless Networks

Hi !

 

We have 3 IAP 207, with 2 SSID, one SSID for corporate using MAC access and the other one SSID for guest, using user/pass in captive portal embebed.

 

The problem is when some client connect to guest SSID the captive portal doesn't open.

 

Name:
Aruba Operating System Software
Type:
207
Build Time:
2019-02-14 07:15:35 UTC (build 69128) by p4build
Version:
8.3.0.6

http://www.arubanetworks.com

It was running fine until now.

 

Thanks in advance,

 

There could be a few reasons as to why the Captive Portal is not displayed. Firstly, is this the internal Captive Portal on the IAP or an External Captive Portal such as CPPM.

 

Does your Captive Portal have a publicly assigned certificate installed? Different clients will have different behaviour when a invalid cert is installed which could result in the Captive Portal not being displayed.

 

Are the Clients assigned a valid and working DNS server (e.g can you do a nslookup from the Guest VLAN)?. The VC will intercept the clients DNS reply and re-direct to the Captive Portal. If there is no working DNS server, there will be no DNS reply and no Capitve Portal displayed.

 

The problem is the certificate embebed in the IAP controller.

It's not valid to the browsers and cut the connection.

How Can I use a valid certificated from Aruba ?

You will need to upload your own valid certificate to the VC.

 

https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814

Thanks Craig.

The link below aren't exist

https://www.arubanetworks.com/techdocs/ArubaOS_65x_WebHelp/Web_Help_Index.htm#ReleaseNotes/Upgrade/upgrade.htm%3FTocPath%3DUpgrade%2520Procedure%7C_____0

 

 

Have you got another one ?

 

Thanks

Which Type of certificated I have to generate and update ?

You will need to create a publically signed certificate (of your choice) for the Captive Portal? Did you take a look at the below, as this provides all of the information.

 

https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814

 

And for the cert :

 

https://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#UG_files/Authentication/Certificates.htm

Thanks, 

 

I'm not sure  I need to create a publically signed certificate.

I would like to implement the easier solution in order to have the captive portal working properly again.

 

I only need to use the internal captive portal to validate users in the guest SSID. What is your recommendations to implement the easier way ?

 

Thanks in advanced.

Hey, you will need a valid certificate on the Captive Portal regardless. If you have no control of the devices which will be using the Captive Portal, then you will need a publically signed certificate. Reason being is the Certificate Store on the untrusted device should contain the Root CA of the certificate which you are using.

If you do have control over the devices (e.g company owned devices) then you will have control over the trust store on the device.

 

There is the HTTP options but any credentials will be sent in clear text.

How Can I set Http options ?
Despite this http option someday browsers reject http connections and will
have the same problem.

Thanks,

Fco. Javier Sánchez
Infraestructuras • Comunicaciones • Ciberseguridad
T. 670 07 14 31 · fjsanchez@neotica.net
Carrer de l'Empordà, 35
08192 Sant Quirze del Vallès
Barcelona
Tel. 93 159 31 31· www.neotica.net

Apologies, HTTP is only supported when using an External Captive Portal. If you wish to use the internal portal, then a certificate will be required.