Occasional Contributor II

Internal Captive Portal


i have an aruba mobility controller with ClearPass Policy manager. we configured a number of SSIDs that uses captive portals from the CPPM. however, we needed an SSID that uses the controller's internal captive portal. se we have left the default configuration of the captive portal profile for this SSID.


the problem is that the SSID redirects the clients to the CPPM welcome page.

sa.PNG redirects me to the Clearpass. can you please help me.




Re: Internal Captive Portal

Hi Saleem,


Please provide me the following information:


1. What is the role assigned to the client when it connects to the SSID ?

2. Does this role has the correct captive portal profile (internal captive portal) mapped to it?


Please share the name of the captive portal profile which uses internal page & the following output.


1. Aruba# show rights <name of the role assigned to the client>


Client will get the portal page based upon the captive portal profile mapped to the role that it gets.


We need to ensure that the role has the correct profile mapped. In case, you are using the ssame role for different SSID's that will cause a conflict.


Occasional Contributor II

Re: Internal Captive Portal

Attached the results of the requisted command.

thank you

Guru Elite

Re: Internal Captive Portal

A user would get that page if the https page in the Captive Portal Authentication Profile (on the controller) is pointing at the admin page of ClearPass, instead of a guest page.  It looks like the guest is being redirected to the admin page, or the path to the guest page has been entered wrong.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: Internal Captive Portal

the question is, why does "" points to the clearpass and not the controller ? thats what really needs to be answered

Re: Internal Captive Portal

Hi Saleem,


Please share the results for the following :


1. show aa authentication captive-portal Test-cp_prof

2. What is the result of nslookup to when the user is placed in

Test-Logon role.

3. Did you made changes to default Captive portal ACL's ?


The following ACL's are the default ones.


Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan ClassifyMedia IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------------- ------ --------
1 user controller svc-https dst-nat 8081 Low 4
2 user any svc-http dst-nat 8080 Low 4
3 user any svc-https dst-nat 8081 Low 4
4 user any svc-http-proxy1 dst-nat 8088 Low 4
5 user any svc-http-proxy2 dst-nat 8088 Low 4
6 user any svc-http-proxy3 dst-nat 8088 Low 4


Please check the ACL's which are hit when you get redirected to CPPM page :


show acl hits role <name of role>

Search Airheads
Showing results for 
Search instead for 
Did you mean: