Wireless Access

Reply
Highlighted
Frequent Contributor I

[AOS8] Automatic Captive Portal redirect works partially

Hi guys,

 

I was just playing around with some AOS8 code (8.3.0.1) and ran into a strange behaviour. Until now I have no clue whats wrong.

Here is my test-setup:

There are two redundant vMM with two MD (7010) connected to them. 
I have a Guest SSID which is redirecting to a Clearpass Cluster. Both (Controller and CPPM) have official (trusted) certs installed. The cert on the Controller is bound in the web-server profil as the captive portal cert.
I have a Role which redirects the device to the captive portal with all necessary Policies.
So far so good (i thought) :)

I tested the guest network with an iPhone 6s, iPhone 6 and 7 (all got the same IOS version). All of them were working fine. I connected to the SSID and got the automatic redirect to the external captive portal - and i can login properly.

So I tested it with an iPhone 8 and iPhone X. With these two devices I didn't get redirected to the cp. They have the same IOS version as the other test devices. The manual redirect (browse a webpage in the browser) doesn't work either - but when I enter the URL of the CPPM captive portal, I can reach it...

 

I don't have any clue in which way I can troubleshoot this behaviour any further.


Is anyone facing the same thing?

Network Engineer
ACCX #931 | ACMP
MVP Guru

Re: [AOS8] Automatic Captive Portal redirect works partially

Can you share your ACL rules under the role ?
Can you confirm that the device is getting the correct DNS server?
Can you reach clearpass using the IP instead of the dns name?
Did you enabled the apple CNA ?
Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: [AOS8] Automatic Captive Portal redirect works partially

Hey,

 

here are my answers of your questions:

 

Can you share your ACL rules under the role ?
initial user role: guest-selfreg-cppm-cp (logon-control, allow-cppm, captive portal). 

Logon-control and captive-portal are default policies. 
allow-cppm = allow http and https to CPPM IP(s)

 

Can you confirm that the device is getting the correct DNS server?

Yes, all of the dievices get the same DNS Server IP

 

Can you reach clearpass using the IP instead of the dns name?
yes, i can


Did you enabled the apple CNA?

no, not at the moment. but this afternoon for testing purposes - without any difference in the test result.

Network Engineer
ACCX #931 | ACMP
MVP Guru

Re: [AOS8] Automatic Captive Portal redirect works partially

Try moving up the captiveportal ACL

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Frequent Contributor I

Re: [AOS8] Automatic Captive Portal redirect works partially

[EDIT]

Hi just changed the order of the ACLs in the user-role but the behaviour is more or less the same. After I changed the order, the client isn't able to get to the captive-portal page because of a redirect loop.

 

I also tried to change the DNS name to an IP in the captive portal profile - without any impact.

Network Engineer
ACCX #931 | ACMP
Contributor II

Re: [AOS8] Automatic Captive Portal redirect works partially

I assume you've fixed this issue but the redirect loop happens when you have the captiveportal ACL above the ACL allowing access to your CPPM servers. The captiveportal ACL needs to be below the one allowing access to CPPM.

New Contributor

Re: [AOS8] Automatic Captive Portal redirect works partially

Hey did you happen to get this resolved? I am running into a very similar issue. 

Contributor II

Re: [AOS8] Automatic Captive Portal redirect works partially

alaskarob, what's the exact issue you're running into? What OS and what kind of topology for your controllers?

New Contributor

Re: [AOS8] Automatic Captive Portal redirect works partially

We have two vMMs and two MDs 7010s in a cluster running 8.3.0.4. The controllers are configured with a guest SSID with a captive portal redirect to Clearpass. All of our IOS/OSX devices are redirecting without any issues, however windows 10 devices are not redirecting. The windows 10 can browse to the captive portal page manually but the auto-redirect is not working. 

 

Thanks!

Contributor II

Re: [AOS8] Automatic Captive Portal redirect works partially

Can you post the config for your initial role?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: