Wireless Access

last person joined: 18 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Override 3rd party captive portal?

This thread has been viewed 2 times

  • 1.  Override 3rd party captive portal?

    Posted Jun 27, 2018 07:04 AM

    Hi,

     

    We have a guest wifi service provided by a 3rd party organisation. They have a switch in our DC and provide a VLAN to us, which we then pass to our Aruba controllers. Clients on our guest SSID are dropped into this VLAN, and the 3rd party controls the L3 interface for the network and provides DHCP and a captive portal.

     

    We would like to put our own captive portal page in front of theirs. We don't want to do any authentication, just show the users a page and then have them click a link to proceed to the 3rd party registration page.

     

    Should this be possible, and how woud you go about setting it up?

     

    We would like to avoid putting users in one VLAN and then moving them to the guest VLAN later if possible. 



  • 2.  RE: Override 3rd party captive portal?

    Posted Jul 06, 2018 04:02 AM

    Can anyone offer any advice on this?



  • 3.  RE: Override 3rd party captive portal?

    EMPLOYEE
    Posted Jul 06, 2018 04:17 AM

    If you are forced to use the 3rd party VLAN, there is probably no way that you can avoid their captive portal, because they intercept all of your traffic.  If you can use your own VLAN to get to the internet, you might have options.

     

     



  • 4.  RE: Override 3rd party captive portal?

    Posted Jul 06, 2018 04:37 AM

    As the APs and the controller are closer to the client than the third party equipment, shouldn't we be able to intercept any traffic and redirect to our own captive portal? I'm only looking to use the basic captive portal on the controllers.

     

    Would it make any difference if we gave our controllers IP addresses in the network/VLAN used by the clients?



  • 5.  RE: Override 3rd party captive portal?

    EMPLOYEE
    Posted Jul 06, 2018 04:43 AM

    We would need a network diagram to understand what is possible.  In general, If your provider is inline with your guest traffic it is impossible to avoid their portal.  If there is another way out, say another VLAN, you should put your guests on that layer 2 VLAN instead and establish your own captive portal.



  • 6.  RE: Override 3rd party captive portal?

    Posted Jul 06, 2018 06:58 AM
      |   view attached

    I've attached a diagram.

     

    As I said above, we can potentially give the controllers IP addresses in VLAN 99 if that would help.

     

    We did think about dropping the clients into a different VLAN in order to show them our own captive portal page - but as I understand it, they then have to be moved to VLAN 99, and this requires them to have to do DHCP again, and they'll see their connection drop. Can this process be done smoothly and reliably? If not we would prefer to try and make it work while keeping them in VLAN 99 the whole time. 



  • 7.  RE: Override 3rd party captive portal?

    EMPLOYEE
    Posted Jul 06, 2018 07:20 AM

    If you just simply want to have your own captive portal, I would create a new VLAN internal to the controller, put your Captive Portal Virtual AP on that, and then source-nat the traffic out of that internal VLAN.  Your guest traffic will be natted out of the ip address of the controller's management VLAN.