Security

Reply
Highlighted
Aruba Employee

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

Hi Mike,

 

Thanks for the captures. As we observed, the redirection location is incorrect after the upgrade. TAC is trying to reproduce the issue in the lab setup. 

Stay tune...

 

-Alap

Highlighted
Aruba Employee

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

Mike,

 

Just for the upadate, TAC is able to reproduce the same issue in the LAB setup using your configuration. We will work with develpers to find out the root cause. Meanwhile, we are also checking if there is any work-around. 

One of the escalation engineer will reach out to you and update you regarding the same and answer any questions you may have. 

 

I will update this thread once we find out the root cause or work-around.

 

Thanks,

Alap

Aruba Employee

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

To close the loop on this, in 6.1 you must add the following to your controller configuration for proper redirection:

 

(config) #aaa authentication wired
(Wired Authentication Profile) #profile default

 


View solution in original post

Highlighted
Occasional Contributor I

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

I have the same problem and added

(config) #aaa authentication wired
(Wired Authentication Profile) #profile default

but the problem still exists.

Is there any update?

Highlighted
Guru Elite

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

Please open a support case.  You could have a different problem.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

I am also experiencing this issue with our captive portal setup using v. 6.1.1.0 and integrated with clearpass guest self registration. My experience has been the captive portal is displayed correctly (hosted on clearpass server) for a period of time, but eventually the redirects start to happen (IE just times out, other browsers show "too many redirect" messages). This is also user specific, so a brand new user can authenticate just fine, but someone who has been using the guest network all day will most likely see this mid afternoon when trying to reconnect.

 

There doesn't seem to be any errors on the clearpass but the error on the controller that I see right around the time this happens is

 

error 522043: Configured Session limit reached for client IP=[my IP address].

 

Not sure if this is something being sent from clearpass to the controller or if it a configuration present in the controller itself that is causing this error. More over I don;t know what the session limit is even set to, where to find it, etc. The recomended action in the syslog reference guide is to turn the client off until sessions have been cleared but would be nice to resolve a different way.

 

I confirmed the wired AAA profile is set to default as suggested in a previous post. I also have a case open with TAC, #1314697. The tech's have pcaps and controller logs.

 

Has anyone had the same experience with the same logs in the controller and the too many redirects/timeout? Any progress on this issue from the other guys that posted originally?

 

-GR

Highlighted
Aruba Employee

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

GR,

 

The error message which you mentioned, points that some users are generating too many sessions and reaching the session limit. By default the # of session limit per user is 65K, but u can reconfigure it under user-role to lower it down. Ususally in Captive Portal auth, people lower down that number, so that one user do not fill up controller's session table. This can happen due to virus on the user maching or some kind of DOS attack. 

 

Thank you for opening TAC ticket. Live debugging will help to troubleshoot the issue quickly.

 

Highlighted
Occasional Contributor II

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

Ah I found it. I had followed the best practice guide and reduced it down to 128 sessions. Maybe the number should only be reduced for unauthenticated guests and leave the authenticated guest user as the default 65k value? It seems as though 128 sessions per user fills up rather quickly. When it happens again, I need to load the session table to see what exatly is taking up the bulk of them, maybe I can limit it some other way.

 

Thank you for the input.

 

-GR

Highlighted
Occasional Contributor I

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

I have the exact same problem with version 6.1.2.3.

I have a case open: Case # 1315382

Highlighted
Frequent Contributor II

Re: 6.1.3.1 upgrade, captive portal now broken. Broswers report redirect loop

I'm having after sn upgrade to 6.2.1.4 the same problem right now, please anyone coild post the solution to the incorrect redirection??
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: