Comments on: How To: Captive Portal With Local Authentication on the UnifiedController https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/ Everything Networking Thu, 19 Apr 2018 20:14:32 +0000 hourly 1 https://wordpress.org/?v=4.9.5 By: Kuchenmann https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-247 Mon, 12 Mar 2018 12:36:35 +0000 https://www.flomain.de/?p=67#comment-247 Same here, I had to add portal free-rule in direction coming from internet. But this article helped me a lot for basic configuration of portal. Thanks.

]]>
By: How To: Local Captive Portal with Remote Authentication - Flomain Networking https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-183 Fri, 25 Nov 2016 13:05:59 +0000 https://www.flomain.de/?p=67#comment-183 […] unified controller, using iMC and UAM for remote authentication. Please read my earlier post about captive portal and local authentication, as I will reuse most of the configuration. For this how to I use again the latest and greatest […]

]]>
By: How To: UAM Portal with the Unified Controller – Flomain Networking https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-171 Fri, 25 Nov 2016 07:42:55 +0000 https://www.flomain.de/?p=67#comment-171 […] How To: Captive Portal With Local Authentication on the Unified Controller […]

]]>
By: Marcis https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-16 Mon, 21 Mar 2016 07:13:26 +0000 https://www.flomain.de/?p=67#comment-16 Our HP 870 runs Conmware Version 5.20.109, Release 2607P46

]]>
By: Florian Baaske https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-18 Mon, 21 Mar 2016 07:13:26 +0000 https://www.flomain.de/?p=67#comment-18 Hi aka sreenivas,

With iMC UAM you cannot schedule this kind of access on a per user basis. you can use the "Access Condition" "Access Period Policy" to define this kind of stuff on a per policy basis using the Access Scenarios.

BR
Florian

]]>
By: Florian Baaske https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-20 Mon, 21 Mar 2016 07:13:26 +0000 https://www.flomain.de/?p=67#comment-20 Hi Marcis,

Actually, this will allow any traffic coming from the Bridge Aggregation to any destination. This is only the way back from the internet to the WLAN user, as traffic from the WLAN user will come from the ESS interface. I discussed this with some peers and we all agree that the this rule be created for the user automatically after the user is authenticated successfully. can you share the firmware version, which you use? Maybe I can try to figure out what's going on.

BR
Florian

]]>
By: aka sreenivas https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-24 Mon, 21 Mar 2016 07:13:26 +0000 https://www.flomain.de/?p=67#comment-24 Hi

Can we configure captive portal guest user schedule. Example I have user called TEST, I need to schedule internet access for TEST user, every day from 9:00 AM to 12:00PM.

]]>
By: Marcis https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-26 Mon, 21 Mar 2016 07:13:26 +0000 https://www.flomain.de/?p=67#comment-26 Hello Florian

Recently i was trying to bring local portal to work on HP 870. Portal page came up, user can log on but after that – no redirect happens.
In portal debug log i saw that DENY ACL still was being applied even after user authentication was OK. In our case local portal sends usernames and passwords to RADIUS server for verifying.
In desperation i contacted HP support. This is their reply, wanted to share it in case you or someone else runs into the same issue. This line solved this:

portal free-rule source interface Bridge-Aggregation1 destination any

Bridge-Aggregation 1 is the WLCs internal BAGG connecting it to WLCs internal switch.
It sounds like this will allow everything but in true user can't get to internet without authetication at portal first.

]]>
By: Mike https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-37 Mon, 21 Mar 2016 07:13:26 +0000 https://www.flomain.de/?p=67#comment-37 Hi Florian,

Thank you for your reply. I found a workaround to solve the problem but I couldn't post it before.
I had to add another portal-free rule to permit traffic coming from the Internet towards logged-on users. I added a rule to permit traffic for the whole guests network actually:

portal free-rule 3 source ip any destination ip 10.50.125.0 mask 255.255.255.0

As you explained in your post, captive portal restricts all traffic by default. There's an access list to control it. That access list can be displayed with "display portal acl" commands. I could see more and more entries added to the access list as users logged on. Those entries permitted outgoing traffic (to the Internet) for logged users, but no entry was added automatically to the access list to permit incoming traffic (from the Internet) for logged users. So I had to add it "manually" configuring the portal free rule I wrote at the beginnig of this post.

Best Regards,
Mike

]]>
By: Mike https://www.flomain.de/2014/07/how-to-captive-portal-with-local-authentication-on-the-unifiedcontroller/#comment-40 Mon, 21 Mar 2016 07:13:26 +0000 https://www.flomain.de/?p=67#comment-40 Hi Florian,

Thank you for your post. I've been checking this configuration and I can't make the captive portal appear when I try to open an HTTPS web site. Did you have this issue?

Regards,
Mike

]]>