Security

Reply
Highlighted
All-Decade MVP 2020

Re: AOS 8.2 Captive portal issues

When I was troubleshooting this a few months ago I found that purple had a hardcoded configuration for the post back UrL which couldnt be modified.
Highlighted
Occasional Contributor II

Re: AOS 8.2 Captive portal issues

Hey, does wireshark works great with Win 10 ? 

Highlighted
All-Decade MVP 2020

Re: AOS 8.2 Captive portal issues

Yes but it's hard to get RF level captures.

I found using Google chrome with developer mode on was good for seeing redirect and http actions.
Highlighted
Guru Elite

Re: AOS 8.2 Captive portal issues

Wireshark will just get the unencrypted HTML that is sent to/from the user.  It would not be a wifi capture....


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: AOS 8.2 Captive portal issues

Everyone.

 

I ended up working through the issues, this is an older post. Thank you for all the replies, recommendations and troubleshooting steps.

 

Highlighted
Occasional Contributor II

Re: AOS 8.2 Captive portal issues

So after couple of hours troubleshooting I think I got this working.


Bellow are key steps to get Purple working with AOS 8.X

 

1. Permit http to controllers guest IP.

 

As scottdoorey stated

 

Spoiler
What i'm seeing is that i need ot push an ACL into the pre-auth role allowing HTTP access to the ip address specified for ip cp-redirect interface on each controller. this seems to work fine.  Not sure if this is correct or will break other things.

You'll need to add your controllers "guest" vlan IP to the whitelist, I'm sure this is something buggy, but authentication won't complete if you don't do this.

 

2. Specify controllers IP for the POST from purple.

 

If you look at the documentation from purple they would tell you to check the "Add switch IP address in the redirection URL:" option, at default this could result in using the first IP configured on the controller and maybe not the same as the right one (the guest vlan IP).

 

At this point I tried too many things to know which one solved this issue.

It could be one of theese two:

 

a. ip cp-redirect-address as cjoseph suggested.

b. Unchecking"Add switch IP address in the redirection URL:" and specify the right IP under authentication>L3

chrome_2019-10-30_09-19-18.png

 

Btw, be patient whenever you make changes with purple, it seems that they have some kind of config cache that won't reflect your controllers config as you make changes.

 

Hope this help somone in the future. :)

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: