Wireless Access

 View Only
last person joined: 3 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Guest WIFI splash webpage not prompt on laptop

This thread has been viewed 30 times

  • 1.  Guest WIFI splash webpage not prompt on laptop

    Posted 4 days ago

    Hi,
    We are using Aruba AP and Aruba Clearpass in the environment.
    Visitor come and connect to Guest WIFI SSID, able to get IP address from DHCP, and the laptop supposed to trigger a splash webpage for the user to key in their information. 
    Problem is that the splash screen is not trigger on the laptop and this is the problem.
    However, on mobile phone, it is triggering the splash screen.

    Please help me out on this for any idea or hints.



  • 2.  RE: Guest WIFI splash webpage not prompt on laptop

    EMPLOYEE
    Posted 3 days ago

    Have you tested with another laptop of device?

    also try to test the splash page trigger with just IP address to rule out DNS related issue.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 3.  RE: Guest WIFI splash webpage not prompt on laptop

    Posted 20 hours ago

    Yes, we have tested with multiple devices and mobile phones. 
    If someone / visitor came and want to connect to Guest WIFI, the laptop is not splash but the mobile phones is splashing. 

    the URL is using FQDN and if I manual provide the visitor the URL and ask to paste it on the browser, it will shown the page.


    Original Message


  • 4.  RE: Guest WIFI splash webpage not prompt on laptop

    EMPLOYEE
    Posted 14 hours ago

    What if the User is trying to access a Website? For instance CP does not show off, type in any website address, will that be intercepted and will CP be provided?

    Which OS is the Laptop using?


    Original Message


  • 5.  RE: Guest WIFI splash webpage not prompt on laptop

    Posted 14 hours ago

    It will shown no page found, as the request of internet is not yet been approved. hence no internet. 

    Laptop, so far tested with Win 7 and Win 10. 

    The issues here is why the browser is not triggering the default browser to the splash page.

     


    Original Message


  • 6.  RE: Guest WIFI splash webpage not prompt on laptop

    EMPLOYEE
    Posted 14 hours ago

    Just wanted to verify if Captive Portal detection is disabled.
    Best would be to take a PCAP to see what is going on under the hood.
    Could be that the issuer of the Cert is not in the Trust List of the OS.


    Original Message


  • 7.  RE: Guest WIFI splash webpage not prompt on laptop

    Posted 14 hours ago

    Hi 
    1. Can you please what is captive portal detection is disable? I'm not sure?

    2. Also and cert in the trust list? Where can I check this


    Original Message


  • 8.  RE: Guest WIFI splash webpage not prompt on laptop

    EMPLOYEE
    Posted 11 hours ago

    1. Check this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet\EnableActiveProbing
    0: means no Probing 1: do probing

    2. -> Open a Dos Prompt and type in "certmgr". This will open the Certification Manager of Windows. "Trusted Root Certfifcation Authorities" - "Certificates" lists all trusted CAs. Here search for the issuer of your Captive Portal Cert of ClearPass.

    Have you checked Microsoft Event Viewer for more information?


    Original Message


  • 9.  RE: Guest WIFI splash webpage not prompt on laptop

    Posted 10 hours ago

    You write that the captive portal is opened on mobile phones, which means that WLAN AND ClearPass are configured correctly. The fact that Captive-Portal can be opened manually on Windows PCs also speaks in favor of this.

    Modern OS perform a test after WLAN connection and automatically recognize that a captive portal is present. That probably means @cordless.

    Furthermore, a public signed certificate must be used for the HTTP server in ClearPass, otherwise the client does not trust the certificate and displays a certificate warning. This is what @cordless means by "Trust List of the OS".

    If the mobiles do not display a warning, you must already be using a public signed certificate. 

    From a technical point of view, the controller sends an HTTP 302 code in preauthenticated role, which means resource moved, the captive portal URL is in the packet.   Recognizing the captive portal is a client thing, you cannot influence it in the ClearPass or WLAN controller. Old OS like Windows 7 cannot detect it. You have to open a browser under Windows 7. If the browser does captive portal detection, you will see it. If the browser cannot do it either, any URL must be opened manually, then the controller will also send an HTTP 302 packet.

    The HTTP 302 packet must reach the client. Can you use wireshark to check whether this is the case?
    Are the Windows PCs in the same IP network as the mobiles? Maybe a firewall is blocking the packets? 



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------

    Original Message