Wireless Access

Reply
Occasional Contributor II

Captive Portal Issue

Yesterday we upgraded to 8.4 and all seems to be working but captive portal for guest.  I join guest SSID and then open browser and I get redirected to the captive portal page URL and then starts going back and forth between portal URL and then adds the "cmd=login&mac=XX" and never shows the login page to enter info.  Eventually times outs.  Strange I know - URL just swaps back and forth like a refresh but no login page.

MVP Guru

Re: Captive Portal Issue

Is this an internal Captive Portal on the Controller/IAP or an External Captive Portal such as ClearPass? Are all of your certificates still valid? 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Captive Portal Issue

Clear Pass portal. Was looking at certs now - just installed our external one from Digicert on controller but still having issue.

David Mattox
Manager of System Operations - Information Technology Services
Academic Complex 601-974-1149
1701 North State Street, Jackson, MS 39210
[cid:145fe339-2bdb-47fb-8ca9-4315778249d5]

This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received this message by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. The integrity and security of this message cannot be guaranteed on the Internet.
Highlighted
Moderator

Re: Captive Portal Issue

hi David

Can you confirm the permit ACLs that allow http/https from user to CPPM exist above the captive portal redirection ACLs in the users initial role ?

 

MVP Guru

Re: Captive Portal Issue

What you describe is a redirect loop, which many times indeed has to do with not allowing traffic from the client to the external captive portal through the initial/captive portal role.

 

One more thing to check is that you have different certificates on your controller, or if you have the same that the redirect to your ClearPass is not the first SAN or captiveportal-logon.yourdomain.com for a wildcard. The controller takes the first SAN or captiveportal-logon for itself, and ClearPass and controller need to have different FQDN in order to access both of them. 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: Captive Portal Issue

We upgraded the controller to 8.4 from 6.X yesterday with Aruba's help so certs may be an issues. Just imported our wildcard, root and trusted one into controller. Did not help

David Mattox
Manager of System Operations - Information Technology Services
Academic Complex 601-974-1149
1701 North State Street, Jackson, MS 39210
[cid:145fe339-2bdb-47fb-8ca9-4315778249d5]

This message is confidential. It may also be privileged or otherwise protected by work product immunity or other legal rules. If you have received this message by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. The integrity and security of this message cannot be guaranteed on the Internet.
Occasional Contributor II

Re: Captive Portal Issue

Herman - can I email you a video of what it is doing?  I am waiting on TAC but have not heard and now guest wireless is down.

Occasional Contributor II

Re: Captive Portal Issue

I escalated ticket and TAC was able to get the portal up.  Seems an ACL did not come over during the conversion from 6.X to 8.4.  Now the issue is redirect.  We get portal login for name and email and it connects but redirect does not work.  Accoridng to TAC, if you use default cert. on controller you used securelogin.arubanetworks.com but if you use widcard cert you use captive-login.millsaps.edu.  Neither work.  Both time out but user is logged into guest SSID.  The above is found under customize self-registration after login method=controller initiated-guest browser performs HTTP form submit.

 

Occasional Contributor II

Re: Captive Portal Issue

was also told by TAC that if we use wildcard certificate we will not be able to redirect to the college home page (millsaps.edu) becuase the controller is not able to differentiate since the wildcard is also millsaps.edu.  make sense to you?

MVP Guru

Re: Captive Portal Issue

The URL for a wildcard certificate should be: captiveportal-login.millsaps.edu. And you can verify it on the controller with the command: "show datapath fqdn" or "show captive-portal-domains" on Instant.

 

On the wildcard, the controller will just use captiveportal-login, and www or any other subdomain should work without any issue.

 

 

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: