'[PacketFence-users] Aruba IAP - Cpative Portal'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       packetfence-users
Subject:    [PacketFence-users] Aruba IAP - Cpative Portal
From:       Jeremy Yoke via PacketFence-users <packetfence-users () lists ! sourceforge ! net>
Date:       2021-08-10 14:22:44
Message-ID: 1ba306a6fb6644dca3fe59ad97647cf2 () S-XOL-EXCH01-19 ! esterline ! net
[Download RAW message or body]

Hello All,

I have searched through the archives and see I have a similar problem, but none of \
the answers seem to help or they end in seemingly no conclusion. I have a new install \
of Packetfence 10.2 on Debian 9.13 (Stretch). I am struggling with getting the \
captive portal working in a solid manner with my IAPs (Aruba IAP-225) v6.5.4 (has a \
Virtual Controller)

The captive portal works when I use URL http://my.ip.add/Aruba , but it shows Not \
Implemented when I use http://my.ip.add/Aruba::Instant_Access With the /Aruba URL I \
am able to register and login, it unfortunately does not assign my role.  In the \
auditing it says it gets no response -  Reply-Message = Error - Timeout
If I disconnect and reconnect I am fully connected and the internet works as it \
should.  I believe however that having to disconnect and re-connect is not an \
efficient method. I have tried with COA, without COA, With a controller IP and \
without. Deauthentication method as Blank and as RADIUS as well as several of these \
combinations.  I maybe missing the right ones.

Anyone have a full write up on the configuration or fields that need to be filled on \
PF?  Unfortunately the guide does not cover captive portal with Instant Access. Also \
a config for the IAP?

Switches.conf

[10.1.145.100]
group=Aruba_IAP
description=Aruba VC

[10.1.145.105]
group=Aruba_IAP
description=Operations

[group Aruba_IAP]
type=Aruba::Instant_Access
radiusSecret=mysecret
description=Aruba Wireless AP
VoIPDHCPDetect=N
defaultRole=Test
registrationRole=registration
RoleMap=Y
registrationUrl=http://10.1.145.113/Aruba::Instant_Access
guestRole=guest
ExternalPortalEnforcement=Y
guestAccessList=guest
AccessListMap=Y
registrationAccessList=registration
defaultAccessList=Test
VlanMap=N
UrlMap=Y
useCoA=N

On IAP this is what I have:

wlan access-rule registration
Some settings/rules
wlan access-rule guest
  Some Settings/rules

wlan auth-server packetfencer
 ip 10.1.145.113
 port 1812
 acctport 1813
 retry-count 5
 key *****************
 rfc3576
 cppm-rfc3576-port 5999

wlan ssid-profile Test
 enable
 index 3
 type guest
 essid Some-Guest
 opmode opensystem
 max-authentication-failures 0
 vlan 159
 auth-server packetfencer
 set-role-pre-auth registration
 rf-band all
 captive-portal external profile packetfencep
 mac-authentication
 dtim-period 1
 broadcast-filter arp
 radius-accounting
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64

wlan external-captive-portal packetfencep
 server 10.1.145.113
 port 80
 url "/Aruba"
 auth-text ""
 redirect-url https://www.myinternetpage.com/
 auto-whitelist-disable
 server-offload


Jeremy Yoke
Info Tech Manager



_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic