Wireless Access

Occasional Contributor II

captive portal Access Denied sometimes

I am testing a new captive portal with a user derivation rule to allow certain devices to auth based on the mac address.


For the clients using the captive portal, most of the times everything functions as it should.  (they enter credentials, i see activity logged on the radius server, they log in, they browse)


Sometimes however, after entering credentials, the page the user is redirected to is blank and i see ACCESS%DENIED in the URL.  Firefox reports that the client was redirected in a way that will not complete.

Worse still, on the radius server, when this happens, i see NO activity logged, even when debugging against my mac address or username.


Does anyone have an idea of what is going wrong?


config is:

aaa authentication captive-portal "portal-tst"

default-role "authenticated"
server-group "AAA-Radius"
no logout-popup-window
login-page "/upload/custom/portal/index.html"
no enable-welcome-page
white-list "OTHEROCSPCRL"
white-list "globalsignOCSPcrl"

user-role pre-portal-tst
captive-portal "portal-tst"
access-list session v6PermitOCSPcrl
access-list session permitOCSPcrl
access-list session netbios-acl
access-list session istns-http
access-list session v6-logon-control
access-list session logon-control
access-list session netid-http
access-list session captiveportal
access-list session captiveportal6

wlan ssid-profile "portal-tst"
essid "portal-tst"
g-basic-rates 6 12 24
g-tx-rates 6 9 12 18 24 36 48 54
max-clients 38
wmm-vo-dscp "56"
wmm-vi-dscp "40"
wmm-be-dscp "24"
wmm-bk-dscp "8"
local-probe-req-thresh 20

aaa profile "aaa-portal-tst"
initial-role "pre-portal-tst"

user-derivation-rules "test-mac-role"

wlan virtual-ap "portal-tst-VAP"
aaa-profile "aaa-portal-tst"
ssid-profile "portal-tst"
vlan 1026
broadcast-filter all
auth-failure-blacklist-time 600
blacklist-time 0





Guru Elite

Re: captive portal Access Denied sometimes

The complete answer is in your custom HTML.  Have TAC take a look at it.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba Technical Webinars
Occasional Contributor II

Re: captive portal Access Denied sometimes

Thanks, I will do that if it continues.
It may have been a bad ipv6 configuration on one of the controllers for that vlan.