Security

Reply
Highlighted
Occasional Contributor I

iAP no captive portal pop-up and authentication text question

Dear Airheads,

 

i am trying to setup a guest wifi with external captive portal page.

 

I have setup a website , which is available in the same vlan like the guest will be assiged. There is one page where the user need to accept the terms and then get redirected to a second page, where the authentication text is in the html body.

 

The first issue is, that the captive portal page does not pop up, when connecting to the wifi, but i can access the page with the normal webbrowser.

 

The second issue is, that the authentication text does not seem to work.

The role does not change after the user gets redirected to the second page, where the authentication text is integrated. The authentication text is inside a hidden input:

 

<div class="MainLoginSuccess">
<label>Ihr Log-In war erfolgreich.</label><br /><br />
<label><i>Your Log-In was successful.</i></label>
</div>

I have added some images of the configuration.

 

I hope someone can help me.

Highlighted
MVP Guru

Re: iAP no captive portal pop-up and authentication text question

Is your client assigned a valid and working DNS server? The VC will not be able to re-direct to a Captive Portal if DNS is not working for the client. Also, have you replaced the default Captive Portal certificate on the VC?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor I

Re: iAP no captive portal pop-up and authentication text question

Hi,

 

thanks for your reply.

 

the dns server should be correct assigned. It's the same we are using for a password protected wifi in the same vlan.

 

Where should i replace the certificate? And which certificate should i use? The captive portal website is only accessable through http.

Highlighted
MVP Guru

Re: iAP no captive portal pop-up and authentication text question

I'd still double check your client can perform DNS. It might be more
restrictive on your guest network due to ACL's.

You can take a look at the cert info here.

https://community.arubanetworks.com/t5/Controller-less-WLANs/ArubaOS-Default-Certificate-Revocation-FAQ-Instant/ta-p/275814

ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor I

Re: iAP no captive portal pop-up and authentication text question

I have checked the DNS and added the DNS access in the pre-authentication role.

 

When i am using nslookup, the names are resolved correctly, but still no pop-up.

 

When i am using the access point internal captive portal page, the pop up works.

Highlighted
MVP Guru

Re: iAP no captive portal pop-up and authentication text question

Have you enabled automatic whitelisting? What is the URL that is presented in the browser? Is this showing as correct?

 

show datapath session | include [CLIENT IP]

Confirm in the first case the client can reach the captive portal via the vlan.


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor I

Re: iAP no captive portal pop-up and authentication text question

The user can reach the captive portal, by typing it manually into the webbrowser.

 

http://192.168.16.215/Login.html

 

This is the result of the command:

 

show datapath session | include 192.168.16.191
192.168.16.1 192.168.16.191 17 53 53984 0 0 0 0 dev17 17 1 43 FI
192.168.16.191 224.0.0.251 17 5353 5353 0 0 0 0 dev17 17 3 ba FDC
192.168.16.191 192.168.16.1 17 50207 53 0 0 0 0 dev17 1d 2 86 FCI
192.168.16.191 224.0.0.252 17 62456 5355 0 0 0 0 dev17 17 1 38 FDC
192.168.16.1 192.168.16.191 17 53 64774 0 0 0 1 dev17 3f 0 0 FI
192.168.16.1 192.168.16.191 17 53 65319 0 0 0 1 dev17 3e 0 0 FI
192.168.16.191 192.168.16.1 17 63627 53 0 0 0 1 dev17 68 0 0 FCI
192.168.16.191 192.168.16.255 17 137 137 0 0 0 0 dev17 17 2 9c FDC
192.168.16.1 192.168.16.191 17 53 63627 0 0 0 1 dev17 68 0 0 FI
192.168.16.191 104.107.216.169 6 58469 80 0 0 0 0 dev17 36 6 22f FSNC
192.168.16.191 104.81.34.215 6 58467 443 0 0 0 1 dev17 3f 0 0 FSNC
192.168.16.191 104.107.216.169 6 58470 80 0 0 0 0 dev17 1d 4 1df FSNC
192.168.16.191 104.107.216.169 6 58471 80 0 0 0 0 dev17 4 3 1b7 SNC
192.168.16.191 104.107.216.169 6 58464 80 0 0 0 1 dev17 81 0 0 FSNC
192.168.16.191 104.81.34.215 6 58468 443 0 0 0 1 dev17 3e 1 28 FSNC
192.168.16.191 192.168.16.1 17 64774 53 0 0 0 1 dev17 3f 0 0 FCI
192.168.16.191 104.107.216.169 6 58465 80 0 0 0 1 dev17 68 2 50 FSNC
192.168.16.191 104.107.216.169 6 58466 80 0 0 0 1 dev17 4f 3 78 FSNC
192.168.16.1 192.168.16.191 17 53 65457 0 0 0 1 dev17 4f 0 0 FI
192.168.16.191 192.168.16.1 17 51452 53 0 0 0 1 dev17 4e 0 0 FCI
192.168.16.191 192.168.16.1 17 65457 53 0 0 0 1 dev17 4f 0 0 FCI
192.168.16.1 192.168.16.191 17 53 51452 0 0 0 1 dev17 4e 0 0 FI
192.168.16.191 192.168.16.1 17 53984 53 0 0 0 0 dev17 17 1 43 FCI
192.168.16.191 224.0.0.252 17 65288 5355 0 0 0 0 dev17 17 1 38 FDC
192.168.16.191 192.168.16.1 17 65319 53 0 0 0 0 dev17 3e 0 0 FCI
192.168.16.1 192.168.16.191 17 53 50207 0 0 0 0 dev17

Highlighted
Occasional Contributor I

Re: iAP no captive portal pop-up and authentication text question

Somehow my answere gets deleted...

 

The captive portal is available through the webbrowser:

 

http://192.168.16.215/Login.html

 

The output of the command is:

show datapath session | include 192.168.16.191
192.168.16.1 192.168.16.191 17 53 53984 0 0 0 0 dev17 17 1 43 FI
192.168.16.191 224.0.0.251 17 5353 5353 0 0 0 0 dev17 17 3 ba FDC
192.168.16.191 192.168.16.1 17 50207 53 0 0 0 0 dev17 1d 2 86 FCI
192.168.16.191 224.0.0.252 17 62456 5355 0 0 0 0 dev17 17 1 38 FDC
192.168.16.1 192.168.16.191 17 53 64774 0 0 0 1 dev17 3f 0 0 FI
192.168.16.1 192.168.16.191 17 53 65319 0 0 0 1 dev17 3e 0 0 FI
192.168.16.191 192.168.16.1 17 63627 53 0 0 0 1 dev17 68 0 0 FCI
192.168.16.191 192.168.16.255 17 137 137 0 0 0 0 dev17 17 2 9c FDC
192.168.16.1 192.168.16.191 17 53 63627 0 0 0 1 dev17 68 0 0 FI
192.168.16.191 104.107.216.169 6 58469 80 0 0 0 0 dev17 36 6 22f FSNC
192.168.16.191 104.81.34.215 6 58467 443 0 0 0 1 dev17 3f 0 0 FSNC
192.168.16.191 104.107.216.169 6 58470 80 0 0 0 0 dev17 1d 4 1df FSNC
192.168.16.191 104.107.216.169 6 58471 80 0 0 0 0 dev17 4 3 1b7 SNC
192.168.16.191 104.107.216.169 6 58464 80 0 0 0 1 dev17 81 0 0 FSNC
192.168.16.191 104.81.34.215 6 58468 443 0 0 0 1 dev17 3e 1 28 FSNC
192.168.16.191 192.168.16.1 17 64774 53 0 0 0 1 dev17 3f 0 0 FCI
192.168.16.191 104.107.216.169 6 58465 80 0 0 0 1 dev17 68 2 50 FSNC
192.168.16.191 104.107.216.169 6 58466 80 0 0 0 1 dev17 4f 3 78 FSNC
192.168.16.1 192.168.16.191 17 53 65457 0 0 0 1 dev17 4f 0 0 FI
192.168.16.191 192.168.16.1 17 51452 53 0 0 0 1 dev17 4e 0 0 FCI
192.168.16.191 192.168.16.1 17 65457 53 0 0 0 1 dev17 4f 0 0 FCI
192.168.16.1 192.168.16.191 17 53 51452 0 0 0 1 dev17 4e 0 0 FI
192.168.16.191 192.168.16.1 17 53984 53 0 0 0 0 dev17 17 1 43 FCI
192.168.16.191 224.0.0.252 17 65288 5355 0 0 0 0 dev17 17 1 38 FDC
192.168.16.191 192.168.16.1 17 65319 53 0 0 0 0 dev17 3e 0 0 FCI
192.168.16.1 192.168.16.191 17 53 50207 0 0 0 0 dev17
Highlighted
Aruba Employee

Re: iAP no captive portal pop-up and authentication text question

Hi,

 

When using 'Authentication Text' method, please refer to the template I posted:

https://community.arubanetworks.com/t5/Controllerless-Networks/Using-external-captive-portal-with-authentication-text/m-p/457350#M21740

 

I've created an external captive portal template. (ref: InstantCPv8.1-NoCSS-AuthText-Error.zip)

 

When you click on accept, it calls the HTML GET which fetches the login.html page which contains a comment, the authenticated text string: Authenticated.

 

This method works using HTTP as the IAP needs to parse HTML code to looks for the authentication text in HTML comment.

 

Paul Gallant, ing.
CWNA, CWSP, ACCA, ACSA, ACEAP, ACMX #377, ACDX #380

Highlighted
Occasional Contributor I

Re: iAP no captive portal pop-up and authentication text question

Hi,

 

i am using your template right now, but it is still the same. The user role does not change from the pre-authentication to the post-authentication role.

 

Is it maybe a firmware issue? I have currently the version 8.3.0.3 installed.

 

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: