This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Captive portal redirection issues at 5.9.2

Captive portal redirection issues at 5.9.2

Vedran_Jurak
New Contributor II

‎06-26-2018 08:25 AM

Hi all,

Recently upgraded some sites to 5.9.2. Clients started complaining they are unable to login in the captive portal.

Captive portals being used are hosted on the APs. Some are using customized, some are running external pages.

Looks like it's a problem only with certain devices, mostly newer Androids. Clients are getting either timeouts or SSL protocol errors during redirection.

I'm seeing clients captive portal assistants trying to open http://1.1.1.1:880 which now gets redirected to https://1.1.1.1:880 by CloudFlare and that explains the SSL error and also the timeouts because there's nothing at that location.

Anyhow, did not see anything in the release notes but did notice article https://extremeportal.force.com/ExtrArticleDetail?an=000089675

I've set a virtual hostname for all captive portals which solves the issue, but do we need to change some setting for the new 1.1.1.2 redirection IP address to take effect? Recreate the captive portal?

Thanks.

Best regards.

0 Kudos
6 REPLIES 6

Ondrej_Lepa
Extreme Employee
In response to Ondrej_Lepa

‎06-26-2018 08:32 AM

Vedran,

when you just change the config adding server host captive.test instead of keeping this on defaul values, does it work (redirect to 1.1.1.2)?

Regards,
Ondrej
0 Kudos

Vedran_Jurak
New Contributor II
In response to Ondrej_Lepa

‎06-26-2018 08:32 AM

Hi Ondrej,

I've created a new, test CP on 5.9.2, tried several clients so far, three Androids running versions 6, 7 and 8 and one Win 10 PC.

All of them were redirected to 1.1.1.1 so the new redirect IP is definitely no working.

Logs:

client:mu_mac: 04-D6-AA-XX-XX-XX redirect url: http://1.1.1.1:880/CP-DS/agreement.html?hs_server=1.1.1.1&Qv=it_q
client:mu_mac: B4-52-7E-XX-XX-XX redirect url: http://1.1.1.1:880/CP-DS/agreement.html?hs_server=1.1.1.1&Qv=it_q
client:mu_mac: 40-B8-37-XX-XX-XX redirect url: http://1.1.1.1:880/CP-DS/agreement.html?hs_server=1.1.1.1&Qv=it_q
client:mu_mac: D8-FC-93-XX-XX-XX redirect url: http://1.1.1.1:880/CP-DS/agreement.html?hs_server=1.1.1.1&Qv=it_q

None of the Androids were able to authorize, all show SSL error and / or timeout. Win 10 PC opened the CP page without issues.

Regarding the article, I suggest adding a workaround to use a virtual hostname or a proper hostname, depending on the scenario.

Also from the article, small typo, https://1.1.1.2:880/cgi-bin/hslogin.cgi should actually be http because it's port 880.

I've tried using a secure CP, redirect IP is the same:

client:mu_mac: 04-D6-AA-XX-XX-XX redirect url: https://1.1.1.1:444/CP-DS/agreement.html?hs_server=1.1.1.1&Qv=it_q

When I accepted the SSL certificate, the CP page opened I was able to authorize all Androids.

In any case please check with the engineers regarding 1.1.1.1 still being used.

Best regards.

0 Kudos
GTM-P2G8KFN