Hi everyone,
We've been moving over to a separate ArubaOS 8 environment with Clearpass (6.10.7) hosting the guest captive portal for the guest wifi service.
Ever since we started moving clients over from AOS6 to AOS8, we've heard of complaints that the captive portal either doesn't load right away or it takes so long that they give up. MAC authentications for previously authenticated clients works perfectly though. When we test on the AOS6 environment the portal loads almost instantly after associating to it. I've experienced this issue on AOS8 at times but not consistently.
The two environments do have a slightly tweaked role but nothing that should be blocking the webpage from loading for the clients. These are the pre-authentication roles for AOS6 and AOS8 respectively:
AOS6
user-role MFC-Guest-logon
captive-portal "MFC-Guest-cp"
access-list session global-sacl
access-list session apprf-MFC-Guest-logon-sacl
access-list session logon-control
access-list session allow-ClearPass
access-list session captiveportal
!
AOS8
user-role MFC-GUEST-LOGON
access-list session CLEARPASS-PORTAL
access-list session captiveportal
access-list session GUEST-LOGON-ACCESS
captive-portal MFC-GUEST-CP
!
The ACLs are mostly default or basic in their functions to allow limited access before being authenticated. The only odd thing that sticks out is that the captive-portal item is at the top of the list in the AOS6 role while the AOS8 role has it at the bottom. Could this be the issue?
Another interesting thing we discovered during our staging of the AOS8 environment was that the captive portal page wouldn't load properly (kept refreshing itself) when the ACL "CLEARPASS-PORTAL" was lower in the list of positions in the role. When we moved it to the top, the page loaded normally but we still have our ongoing, sporadic, delaying issue.
Thanks for any tips or suggestions.
Edit: Forgot to add that this behavior is happening on Windows laptops, iPhones, and Android based phones. So pretty much across the board.
Edit 2: The new AOS8 environment Guest SSID is also using Enhanced Open with backwards compatibility.
------------------------------
Jose
------------------------------