Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Captive portal page

This thread has been viewed 7 times

  • 1.  Captive portal page

    Posted Apr 30, 2015 02:48 PM

    All,

     

    We recently migrated over to Clearpass from the Amigopod.  The issue we are having is that the captive portal page no longer comes up automatically when a device connects to our Guest wireless.  When we had the captive portal page on the amigopod the guest captive portal page automatically redirected when you opened up a browser since we switched over to Clearpass the devices/customers now need to type in a URL to somewhere to get the guest captive portal page.  Is there a setting or option that can be set to get the same functionality?

     

    Thanks,

     

    Bill



  • 2.  RE: Captive portal page

    EMPLOYEE
    Posted Apr 30, 2015 02:57 PM
    Are you using an Aruba Controller? If so, what version?


  • 3.  RE: Captive portal page

    Posted Apr 30, 2015 03:17 PM

    We are using Aruba Controllers (7200 series) running 6.4.2.5 code.



  • 4.  RE: Captive portal page
    Best Answer

    EMPLOYEE
    Posted May 06, 2015 02:29 PM

    There are two different places to enable/disable CNA Bypass. One is on the captive portal profile on the controller. The other is on the Guest Self Registration or Web Login page (look in the Advanced Editor for the page). Make sure it is unchecked in both locations.

     

    Screenshot from Advanced Editor in CPG:

     

    Screen Shot 2015-05-06 at 2.27.05 PM.png

     

    This should cause the automatic popup of the reg/login page to start working again.



  • 5.  RE: Captive portal page

    Posted May 11, 2015 07:40 AM

    Hi Zach,

     

    Thanks for the reply.  I checked the Clearpass Guest side of things and the 'Enable bypassing the Apple Captivve network Assistant' is unchecked.  On the controller side I could not find the equivalent setting within the Captive Portal Authentication Profile.  Maybe it's named differently than I think.

     

    Thanks,

     

    Bill



  • 6.  RE: Captive portal page

    Posted May 11, 2015 07:43 AM

    Zach,

     

    Nevermind.   I found it.  It's unchecked in the Captive Portal Authentication as well.  It's Monday morning.  :)



  • 7.  RE: Captive portal page

    EMPLOYEE
    Posted May 11, 2015 08:20 AM
    Ok, so the other thing that can cause the Captive Network Assist to not Fire off is a self-signed HTTPS certificate. You can either switch over to HTTP or install a Publically Signed HTTPS cert in CPPM.

    To switch to HTTP to test this, you need to change the redirect to HTTP and you need to uncheck the require HTTPS for operator login in CPG under Configuration->Authentication.


  • 8.  RE: Captive portal page

    EMPLOYEE
    Posted May 11, 2015 08:27 AM
    Can you also post the output of "show rights <your-guest-logon-role>



    Thanks,
    Tim


  • 9.  RE: Captive portal page

    Posted May 11, 2015 08:30 AM

    Zach,

     

    It appears we are using a public https cert on our CPPM subscribers and publishers for https stuff.  I assume once connected to guest the login/auth page should automatically come up without intervention?

     

    Tim,

     

    Where do I do 'show rights' from?  Controller?



  • 10.  RE: Captive portal page

    EMPLOYEE
    Posted May 11, 2015 08:37 AM
    Ok. I'm guessing that the CRL for that public cert is white listed.

    Keep in mind that there are 2 different certs that you can upload in CPPM. One is the RADIUS and the other is the HTTPS SSL.