Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Guest Captive Portal DNS issue (AOS8)

  • 1.  Guest Captive Portal DNS issue (AOS8)

    Posted Oct 01, 2019 05:55 AM

    Hi everyone,

    I'm configuring a Guest Captive Portal SSID, but it seems it is not working. When a user connects to this SSID, they are able to successfully get an IP address from its respective VLAN. Based on my testing, when securelogin.arubanetworks.com is typed in the browser, it cannot resolve the address, but when the controller's IP is entered (same subnet as the guest VLAN), it will successfully show the login page.

    The DNS servers being used by users are public DNS 4.2.2.2 and 8.8.8.8. I already added a rule to allow DNS, and it is being hit as shown in show acl hits. I already added 'ip cp-redirect-address <IP-of-controller>'.

     

    Any idea on how this can be solved?

     

    AOS 8.4.0.4

    Controller 7205



  • 2.  RE: Guest Captive Portal DNS issue (AOS8)

    Posted Oct 01, 2019 03:42 PM

    Are you redirecting to ClearPass or the internal captive portal?

     

    You should have a valid A record in your DNS server for the URL you redirect your guests to, for example: guest.company.xyz

     

    The securelogin.arubanetworks.com should be replaced with a valid one.

     

    Have you read the certificate 101?

    https://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/14977/1/CPPM%20-%20Certificates%20101%20Technote%20V1.0%20.pdf




  • 3.  RE: Guest Captive Portal DNS issue (AOS8)

    Posted Oct 02, 2019 01:25 AM

    Hi,

    I am using the internal captive portal. I am also using the default certificate of the controller. For the A record, is it necessary? Because in the previous version 6.5.x this was not needed. Creating a Guest SSID through the wizard and making sure that the roles are correct will trigger the pop-up of the captive portal; no issue on DNS even if a public DNS was used.

     

    By the way, no ClearPass in our scenario.



  • 4.  RE: Guest Captive Portal DNS issue (AOS8)

    EMPLOYEE
    Posted Oct 02, 2019 01:59 AM

    Setting up a DNS A record is not required for this.

     

    What happens when a user just opens a browser?



  • 5.  RE: Guest Captive Portal DNS issue (AOS8)

    Posted Oct 02, 2019 10:30 AM

    You need a certificate for your captive portal login. That hostname should not have an A record in DNS. That is just for the MITM.

     

    Upload the cert full chain and set it as the captive portal certificate under System -> More -> General.



  • 6.  RE: Guest Captive Portal DNS issue (AOS8)

    Posted Oct 14, 2019 01:59 AM

    Hi All,

    Apologies for the delayed update on this post. Went with uploading the certificate.

     

    This thread may now be closed. Thank you guys for your replies/answers.