Extreme Networks

T_i_G · ‎03-25-2021

The recent enhancements on the Extreme Cloud IQ has broken an External Captive Portal integration that has been working very well with no issues on Aero Hive access points.

The initial redirect is failing with an error 500 which is not very helpful. This could use some better error handling and more user friendly error report.

Has anyone come across this since the most recent updates?

T_i_G · ‎04-06-2021

I have an update:

We discovered that one of the two external RADIUS hosts configured for the authentication service was actually unreachable. Potentially this may have been the route cause of the 500 error due to AP unable to talk to the radius host:

103e1ce956834a1a9bb49818d4726928_ee115e15-84c2-4b6f-8d20-516635d2b347.png

Clients can now authenticate OK but the 500 error now will not go away at least on my test client device despite clearing cache/restarting device. It gets displayed on initial redirect. I have to open the browser separately and request a non SSL URL in order to get redirected to our landing page.

However the problem with the 500 error, is the lack of information. It could at least display an error message such as, “Oops! I cannot reach your RADIUS host please make sure it’s up and running” or similar to save time.

View solution in original post

T_i_G · ‎04-06-2021

I have an update:

We discovered that one of the two external RADIUS hosts configured for the authentication service was actually unreachable. Potentially this may have been the route cause of the 500 error due to AP unable to talk to the radius host:

Clients can now authenticate OK but the 500 error now will not go away at least on my test client device despite clearing cache/restarting device. It gets displayed on initial redirect. I have to open the browser separately and request a non SSL URL in order to get redirected to our landing page.

However the problem with the 500 error, is the lack of information. It could at least display an error message such as, “Oops! I cannot reach your RADIUS host please make sure it’s up and running” or similar to save time.

T_i_G · ‎03-31-2021

Yes I have, I’m testing on the AP122. OS version is 8.2.4.0 (82r4).

The management console is ExtremeCloud IQ Pilot

Build ID: 2021-03-18-04.25.01
Build Version: 21.1.40.5

In my Policy’s Wireless Network settings, I have Enable Captive Web Portal turned on and User Auth on Captive Web Portal set. The Authentication Type is set to Redirect to External URL for Authentication.

ed4e3e276b814d73b60ceafdd961578e_f91929ad-c9c5-41b6-ad62-57aff83a4534.png

I then have the Default Captive Web Portal configured with the external page set in the Login URL mandatory field in the Captive Web Portal Settings with the Authentication Method set to PAP. I also have the external pages URL in the walled garden.

The configuration has been working well for years up until the most recent enhancements.

SamPirok · ‎03-29-2021

Thank you for that screen shot, that helps. Have you pushed a complete configuration update out to your APs since the most recent XIQ update?

T_i_G · ‎03-27-2021

Thank you Sam, we have pretty good error handling for the script running on the external host. We can run in it in debug mode and report any errors on any page where an exception was raised.

The 500 Error I am referring to above is coming from XIQ controller/AP. See attached.

Extreme Networks

External Captive Portal integration 500 error

External Captive Portal integration 500 error