From: Andrew S <and...@ca...> - 2018-02-27 15:59:15
I checked the iptables on pk and it’s accept anywhere like you stated. I changed things around and now, when I try to connect to SSID, my phone says authentication error and packetfence says my phone MAC address is getting rejected in Auditing screen. My setup is pretty much the same as the screen from that Cisco forum you linked, except VLANs and VLAN IDs are different.

*From:* E.P. [mailto:yp...@gm...]
*Sent:* Monday, February 26, 2018 8:25 PM
*To:* 'Andrew S' <and...@ca...>; pac...@li...
*Subject:* RE: [PacketFence-users] guest wifi users not redirected to captive portal

Well, you said, you have Cisco WLC setup for the purpose of redirecting. I used to have some experience with it but at this time I don’t use it, can’t verify it. Have you seen this discussion at Cisco forums?

https://supportforums.cisco.com/t5/getting-started-with-wireless/cisco-wlc-and-packetfence-captive-portal-configuration-guide/td-p/2958678

One of the conditions to verify in your PF installation is iptables rules. Run “iptables -L” from CLI and see if you have iptables allowing http(s) on input-portal-if

    Chain input-portal-if (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https

In my case when I point my browser to PF captive portal page I end up with an error message saying “Your computer was not found in the PacketFence database. Please reboot to solve this issue.” And I do believe it is expected because the web page does come up.

Now I’d appreciate some guidance on how to start redirecting guest WiFi to see something like this: https://www.youtube.com/watch?v=v6vjbmAoPrY

Eugene

*From:* Andrew S [mailto:and...@ca... <and...@ca...>]
*Sent:* Monday, February 26, 2018 2:25 PM
*To:* E.P. <yp...@gm...>; pac...@li...
*Subject:* RE: [PacketFence-users] guest wifi users not redirected to captive portal

Thanks for the comment. I just separated my management and portal IP now.
My test wifi phone is still connected to SSID without going through captive portal. When I go to http://<portalIP>, it says <portal ip> refused to connect. HAproxy is enabled. I’m not too sure how the registration VLAN comes into play in my scenario.. do I even need both registration and isolation VLANs? I really appreciate any help.

Below is some of my configuration. Let me know if anything looks off.

Interfaces

Authentication

Switch

*From:* E.P. [mailto:yp...@gm...]
*Sent:* Monday, February 26, 2018 1:41 PM
*To:* pac...@li...
*Cc:* 'Andrew S' <and...@ca...>
*Subject:* RE: [PacketFence-users] guest wifi users not redirected to captive portal

Hi Andrew,

I’m almost in the same boat as you since I’m trying to rebuild the PF from scratch to make it work for webauth/captive portal for guest WiFi since my bosses assigned this task a higher priority. I reinstalled PF from 7.3 to 7.4 and am configuring it now. I want to use PF for both management and captive portal on the same subnet so I cheated and deployed it like this:

[image]

The key point here is to have management and captive portal on different IP addresses/interfaces. My previous attempt to make it work on the same interface didn’t work. Once you have it all working make sure that haproxy is started. (I’m just looking back to what Fabrice advised me) If it is started try to point your browser to https://captive.portal.ip.address/captive-portal

If you see the page then you are in business as captive portal is enabled by default. I’m at this point now and figuring out what to do next.

Anyone else, any other ideas?

Eugene

*From:* Andrew S via PacketFence-users [ mailto:pac...@li... <pac...@li...>]
*Sent:* Monday, February 26, 2018 12:14 PM
*To:* pac...@li...
*Cc:* Andrew S <and...@ca...>
*Subject:* [PacketFence-users] guest wifi users not redirected to captive portal

Hi,

I’m new to packetfence and very lost on how to set it up for guest wifi captive portal.
I’m trying to set up VLAN enforcement so guest users go through captive portal for terms and conditions for internet. I’m not using 802.1x or anything, I just want any wireless guest users to be redirected to a basic captive portal for temporary internet access.

I set up 2 network interfaces in packetfence; 1 for management/captive portal (10.5.225.0/24) and 1 for registration interface (172.17.67.0/24). Null type authentication source is set up with: condition equals = <testSSID> then set = role <guest> and duration <1 hour>. I also set up Network device for Cisco wireless controllers with ACLs. Cisco WLC side is all set up with ACLs, CoA, RADIUS, WPA2 security, etc.

When I connect to this test SSID through cisco WLC, test phones don’t get redirected to captive portal, it just connects to SSID/Internet like there is no packetfence at all. I must be missing a very fundamental step, but not sure what it is. Can someone give me some high-level setup instructions or some pointers to where to check?

Thank you
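
The check Eugene describes (run `iptables -L` and look for http/https ACCEPT rules in `input-portal-if`), as an added example that is not part of the original thread or PacketFence's own tooling. The function name `check_portal_chain` and the sample listings are constructed for illustration; flagging a chain with 0 references and accepting numeric `-n` listings go beyond what the thread mentions.

```shell
#!/bin/sh
# Added example (not from the thread). check_portal_chain is a hypothetical helper.
# Reads `iptables -L` or `iptables -L -n` output on stdin and checks that the
# named chain is referenced and accepts TCP to http (80) and https (443).
# It does not evaluate source/destination restrictions or rule ordering.
check_portal_chain() {
    awk -v chain="${1:-input-portal-if}" '
        $1 == "Chain" {
            in_chain = ($2 == chain)
            if (in_chain) {
                seen = 1
                # User-defined chains print "(N references)"; 0 means nothing jumps here.
                if ($4 == "references)" && substr($3, 2) + 0 == 0) unreferenced = 1
            }
            next
        }
        in_chain && $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 3; i <= NF; i++) {
                if ($i == "dpt:http"  || $i == "dpt:80")  http = 1
                if ($i == "dpt:https" || $i == "dpt:443") https = 1
            }
        }
        END {
            if (!seen) { print "chain " chain " not found"; exit 2 }
            if (unreferenced) print "chain " chain " has 0 references"
            if (!http)  print "no ACCEPT for tcp dpt:http"
            if (!https) print "no ACCEPT for tcp dpt:https"
            if (unreferenced || !http || !https) exit 1
            print "ok: " chain " accepts http and https"
        }'
}

# Constructed sample input, modelled on the listing quoted in the thread.
SAMPLE_OK='Chain input-portal-if (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https'

# Constructed failing case: numeric (-n) listing with the https rule absent.
SAMPLE_NO_HTTPS='Chain input-portal-if (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80'

printf '%s\n' "$SAMPLE_OK" | check_portal_chain input-portal-if
printf '%s\n' "$SAMPLE_NO_HTTPS" | check_portal_chain input-portal-if || true
```

On a live server the same function can be fed directly with `iptables -L | check_portal_chain input-portal-if`; exit status 0 means both rules are present, 1 means something is missing, 2 means the chain does not exist.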