Wireless Access

Reply
Highlighted
Contributor II

Captive Portal redirection issue (Apple)

Hi guys,

 

Running into an issue that I'm kind of dumbfounded on. I am working on building a new AOS8 environment. Our RADIUS is CPPM with Guest. I have no CP test environment because of...reasons out of my control. So that means that I am building aruba 8 interfacing with a production CPPM and Guest environment.

 

Basically what am doing is MAC authentication which returns a role that launches a captive portal. That profile has the following ACLs:

 

clearpass-guest-allow (my clearpass servers)

allow-ocsp-acl

captiveportal

logon-control

 

The allow-ocsp-acl has netdestinations which allow HTTP and HTTPS to the following access lists:

 

1 host 199.7.50.72 32
2 host 199.7.51.72 32
3 host 199.7.52.72 32
4 host 199.7.54.72 32
5 host 199.7.55.72 32
6 host 199.7.57.72 32
7 host 199.7.59.72 32
8 host 199.7.71.72 32
9 host 74.125.226.239 32
10 host 199.7.48.72 32
11 host 91.209.196.169 32
12 host 199.66.201.169 32
13 host 174.133.236.131 32
14 host 174.133.251.251 32
15 host 208.77.208.79 32
16 host 208.77.208.82 32
17 host 208.116.13.251 32
18 host 208.116.18.83 32
19 host 64.150.188.27 32
20 host 64.150.190.19 32
21 host 65.98.24.187 32
22 host 69.175.66.203 32
23 host 69.175.66.219 32
24 name 0.0.0.21 ocsp.thawte.com
25 name 0.0.0.22 .courier-push-apple.com.akadns.net
26 network 17.172.0.0 255.255.0.0

 

and

 

1 name 0.0.0.7 .apple.com

 

I am not getting the captive portal popup which I think is a Guest module issue. But beyond that, for apple devices (tested with MBP). I ONLY get the redirect to my self registration page if I go to apple.com. Going anywhere else gives me nothing. When I connect on my samsung phone, I get the popup.

 

Any ideas? Thanks!

Guru Elite

Re: Captive Portal redirection issue (Apple)

Remove the allow-ocsp-acl netdestination/policy.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: Captive Portal redirection issue (Apple)

I should mention, I'm only seeing this with safari, not with chrome. That is whether the OCSP ACL is added or not.

 

Removing it doesn't change it for safari. I'm going to update and also try another computer. But thank you for the prompt reply. Will check back with results.

 

Edit----

 

After updating and restarting I now get the portal popup. Thank you!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: