Wireless Access

Reply
Highlighted
Contributor I

8.3.0.2 - External Captive portal - Clients can't get the default role

Hi Community,

I'd configured an external captive portal. It was working fine on version 8.2.1.0.

After upgrading to 8.3.0.2, Clients are able to get the external captive portal page but  cannot get the default role.

I tried to get both link "http://<controller ip>/auth/index.html/u" and "http://<controller ip>/cgi-bin/login" but clients are still in initial role and stuck in the same external captive portal page.

 

On the external captive portal, I use this html code on the button to quit captive portal:

<form method="post" id="myForm" autocomplete="off" action="http://10.200.116.11/cgi-bin/login">
<div class="col-sm-6 col-lg-6">
<input type="submit" name="accept" id="accept" value="Get Started" class="btn btn-primary btn-lg btn-padding" />
</div>
aaa authentication captive-portal "thuypbt1_cppm_sg"
default-role "vng_lab"
server-group "thuypbt1_cppm_sg"
login-page "http://10.205.14.13/"   (-->IP of external captive portal)
white-list "thuypbt1_cppm_sg"
redirect-url "https://zing.vn"
!

aaa server-group "thuypbt1_cppm_sg"
 auth-server CPPM position 1
!

aaa profile "Test-lab"
    initial-role "thuypbt1"
    dot1x-default-role "vng_lab"
!

user-role thuypbt1
    captive-portal "thuypbt1_cppm_sg"
    access-list session global-sacl
    access-list session apprf-thuypbt1-sacl
    access-list session thuypbt1
    access-list session captiveportal

netdestination thuypbt1_cppm_sg
    host 10.205.14.13
!
ip access-list session thuypbt1
    any any svc-dns permit
    any any svc-dhcp permit
    any  host 10.200.0.5 any permit
    any  host 10.205.14.13 svc-http permit
    any  host 10.205.14.13 svc-https permit
    any alias onboard-whitelist svc-https permit
    any alias vng_lab_whitelist svc-https permit
    any  host 49.213.67.133 svc-https permit
!

How can I configure to get the default role?

This configuration was working fine on version 8.2.1.0.

Thanks a lot for your help

Thuy.

 

 

 

 

 

 


Accepted Solutions
Highlighted
Contributor I

Re: 8.3.0.2 - External Captive portal - Clients can't get the default role

Thanks Cclemmer,

I'd downgraded cluster to version 8.2.1.0 and everything is working fine now.

I opened a CASE but Aruba engineer haven't found out the reason.

 

Thuy.

View solution in original post


All Replies

Re: 8.3.0.2 - External Captive portal - Clients can't get the default role

Take a look at the docs here:

 

https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/Web_Help_Index.htm#ArubaFrameStyles/Captive_Portal/Internal_Captive_Portal.htm#captive_portal_2658586545_1085111

 

Using the action /auth/index.html/u should be correct. You'll need to verify the html code to ensure that a username is being returned as part of the POST to toggle the authentication.


Charlie Clemmer
Aruba Customer Engineering
Highlighted
Contributor I

Re: 8.3.0.2 - External Captive portal - Clients can't get the default role

Hi Charlie,

Thanks for this information.

Could you please help me to check my html code? I tried these codes but It isn't working

<form method="post" id="myForm" autocomplete="off" action="http://10.200.116.11/auth/index.html/u">
		        <div class="col-sm-6 col-lg-6">
                <input type="hidden" name="user" value="guest">
                <input type="hidden" name="password" value="guest">
                <input type="submit" name="Accept" value="authenticate">
<FORM method="post" autocomplete="off" ACTION="http://10.200.116.11/auth/index.html/u">
        Username:<BR>
        <INPUT type="text" name="user" accesskey="u" SIZE="25" VALUE="">
        <BR>
        Password:<BR>
        <INPUT type="password" name="password" accesskey="p" SIZE="25" VALUE="">
        <BR>
        <INPUT type="submit">
    </FORM> 

 Thank you so much.

Thuy.

 

Index.html file

Highlighted
Contributor I

Re: 8.3.0.2 - External Captive portal - Clients can't get the default role

I taked the wireshark capture on client.

Non-working captureNon-working captureWorking captureWorking captureWhy did controller send a Temporarily moved to client?

 

Highlighted

Re: 8.3.0.2 - External Captive portal - Clients can't get the default role


@tigerbt wrote:

I taked the wireshark capture on client.

Non-working captureNon-working captureWorking captureWorking captureWhy did controller send a Temporarily moved to client?

 


The temporaryily moved redirect is the initial captive portal insertion. The client device tried to access some website, and the controller intercepts that and does a 302 redirect to get the client device to the captive portal page.


Charlie Clemmer
Aruba Customer Engineering
Highlighted
Contributor I

Re: 8.3.0.2 - External Captive portal - Clients can't get the default role

Thanks Cclemmer,

I'd downgraded cluster to version 8.2.1.0 and everything is working fine now.

I opened a CASE but Aruba engineer haven't found out the reason.

 

Thuy.

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: