Hi everyone, looking for some experienced users to help me out here. We have a guest wifi setup with CPPM being the captive portal for users to authenticate against. While digging through the configs for this setup, I can't for the life of me figure out how I'm being redirected to the captive portal correctly. The service definitely works and we have no complaints from our users but when I compare my configs to those from an ASE example, it's missing the reference aaa profile that has all the necessary stuff like initial role and the captive portal session, etc.
This is what I have from the Guest ssid section (I've edited the names a bit):
wlan virtual-ap "Guest-vap"
    aaa-profile "Guest-redirect-aaa"
    ssid-profile "Guest-ssid"
    vlan Guest-vlan
    broadcast-filter all
    deny-inter-user-traffic
!
wlan ssid-profile "Guest-ssid"
    essid "Guest"
!
aaa profile "Guest-redirect-aaa"
    initial-role "Guest-redirect-role"
    enforce-dhcp
!
user-role Guest-redirect-role
    access-list session global-sacl
    access-list session apprf-Guest-redirect-role-sacl
    access-list session logon-control
    access-list session Guest-redirect-acl
!
ip access-list session global-sacl
!
ip access-list session apprf-Guest-redirect-role-sacl
!
ip access-list session logon-control
    user any udp 68 deny
    any any svc-icmp permit
    any any svc-dns permit
    any any svc-dhcp permit
    any any svc-natt permit
    any network 169.254.0.0 255.255.0.0 any deny
    any network 240.0.0.0 240.0.0.0 any deny
!
ip access-list session Guest-redirect-acl
    any any any redirect tunnel 10
!
Normally I would expect the aaa profile to be loaded with all the initial role, mac authentication, dhcp, etc. But this one doesn't. There definitely is another aaa profile which houses all the captive portal information and such but it's not being referenced in any other configuration whatsoever.
Could there be some other "default" setting that the guest users are hitting and being brought to the captive portal?
Thanks for any suggestions and let me know if you need any additional outputs.
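Added example, not part of the original post: a small Python tracer that follows the reference chain in the posted config (virtual AP, AAA profile, initial role, session ACLs in order) and lists the rules whose action is a redirect. The config text is abridged from the post, and the function names are hypothetical.

```python
# Abridged from the config in the post (constructed sample; names as posted).
CONFIG = """\
wlan virtual-ap "Guest-vap"
    aaa-profile "Guest-redirect-aaa"
!
aaa profile "Guest-redirect-aaa"
    initial-role "Guest-redirect-role"
!
user-role Guest-redirect-role
    access-list session logon-control
    access-list session Guest-redirect-acl
!
ip access-list session logon-control
    any any svc-dns permit
    any any svc-dhcp permit
!
ip access-list session Guest-redirect-acl
    any any any redirect tunnel 10
!
"""

def parse(text):
    """Map each stanza header (quotes stripped) to its sub-commands."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip().replace('"', "")
        if not line or line == "!":
            current = None          # "!" closes the current stanza
        elif current is None:
            current = stanzas.setdefault(line, [])
        else:
            current.append(line)
    return stanzas

def trace(text, vap):
    """Resolve virtual-ap -> aaa profile -> initial role -> ordered ACL rules."""
    s = parse(text)
    aaa = next(l.split()[-1] for l in s[f"wlan virtual-ap {vap}"] if l.startswith("aaa-profile "))
    role = next(l.split()[-1] for l in s[f"aaa profile {aaa}"] if l.startswith("initial-role "))
    acls = [l.split()[-1] for l in s[f"user-role {role}"] if l.startswith("access-list session ")]
    rules = [(a, r) for a in acls for r in s.get(f"ip access-list session {a}", [])]
    return aaa, role, rules

def redirects(rules):
    """Rules whose action is a redirect: where matching traffic actually goes."""
    return [(a, r) for a, r in rules if "redirect" in r.split()]

if __name__ == "__main__":
    aaa, role, rules = trace(CONFIG, "Guest-vap")
    print(aaa, role, redirects(rules))
```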