Security

last person joined: 21 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Want to stop web redirect

This thread has been viewed 1 times

  • 1.  Want to stop web redirect

    Posted Jan 10, 2012 08:05 AM

    Dear Expert

     

    My customer uses captive portal authentication on 3600.

    Authentication log in page is displayed when http packets are detected by the controller.

    But we stop this web redirect because it affects load to the controller temporally.

    Instead, the customer wants to put server’s ip address manually on their PC and display authentication page manually.

    Can we stop this web redirect on the controller?

    Actually they use the authentication by wired, not wireless.

     

    Best Regards


    #3600


  • 2.  RE: Want to stop web redirect

    Posted Jan 10, 2012 08:38 AM

     

    Just to clearify..

    Do you want to prevent the controller to show the Captive Portal? 

    Or to prevent the redirect that happens after authentication to the original webpage the user wanted to go?

    And - do you have performance issues on the Controller since you want this?

     

     

    ..John



  • 3.  RE: Want to stop web redirect

    Posted Jan 10, 2012 09:26 AM

    John

    Appreciate your quick response.

     

    >>Do you want to prevent the controller to show the Captive Portal?

     

    Yes, I want the controller not to show the captive portal log in page.

     

    >>And - do you have performance issues on the Controller since you want this?

     

    That is becase we have performance issue. Some clietns create many https for some reaosnse and now the controller redirect all those packets, therefore they recieve much load. I want to prevent this ASAP on controller side.

     

    Regards

    



  • 4.  RE: Want to stop web redirect

    Posted Jan 10, 2012 09:34 AM

    In the initial role, you should have an ACL that looks something like:

     

    any any svc-http dst-nat

    any any svc-https dst-nat

     

    If you remove those rules, the controller won't automatically intercept http/https requests.  You would have to use the URL "securelogin.arubanetworks.com/auth/index.html" (if you use a custom cert, change "securelogin.arubanetworks.com" to the device name in your cert) to get the client to view the captive portal page.

     

    You will also have to add a rule that allows the user to talk to the controllers "controller-ip" so that the page can be displayed.  You can get the controller-ip from the command "show controller-ip", assuming you are running a fairly new ArubaOS.



  • 5.  RE: Want to stop web redirect

    Posted Jan 10, 2012 10:07 AM

    Olio

    thanks,

     

    >>a rule that allows the user to talk to the controllers "controller-ip" so that the page can be displayed.

     

    If clients are different subnet for controller-ip, let's say what rules should I add? Do I have routing?

     

    Regards

    naka39



  • 6.  RE: Want to stop web redirect

    Posted Jan 10, 2012 10:18 AM

    In the pre-login role, add these rules:

     

    any host x.x.x.x svc-http dst-nat

    any host x.x.x.x svc-https dst-nat

     

    x.x.x.x = the IP address of the controller from "show controller-ip".

     

    That way, when you put in the URL in the client browser, you can do http://x.x.x.x (same IP as above) and the client should be redirected to the login page.  If you put http://www.google.com (or any other URL) in the browser, you should NOT get the login page.



  • 7.  RE: Want to stop web redirect

    Posted Jan 10, 2012 10:39 AM
    Olino Thanks a lot ! It makes me clear. I will try those config. Regards naka39