Skip to main content

Wed, Oct 9, 2019 2:14 PM

SZ 100 external captive portal login. Where to POST?

Hi,
I have a SmartZone 100, configured to use an external captive portal with RADIUS. It correctly redirects the user to the external login page. The AAA Test also works fine.
My issue is that the when the user enters the credentials, the POST seems lost in the network....

The external captive portal login page receives the following request:

?nbiIP=192.168.x.y&client_mac=xxxxxxxxxxx&reason=Un-Auth-Captive&wlanName=MY_WIFI&dn=scg.ruckuswireless.com&ssid=MY_SSID&mac=44:1e:98:1e:31:a0&url=http%3A%2F%2Finit-p01st.push.apple.com&proxy=0&vlan=30&wlan=3&sip=scg.ruckuswireless.com&zoneName=WEDtGa9sj1EOy6-qqLWQBw_1570617665657&StartURL=&uip=ENCxxxxxxxxx

Then, once it collects the username and password, sends a POST to
https://192.168.x.y:9998/SubscriberPortal/hotspotlogin
with parameters: username, password and the other parameters that came in with the request.

I am not using NBI, should I?
I also tried posting to scg.ruckuswireless.com, but the Url doesn't exist. What am I doing wrong? Where to send the form POST?

I'm following this manual
SZ100VSZE-5.1.1-WISPrPortalReferenceGuide-RevA-20190426.pdf

Thank you
Desperately,
Frullo

Responses

4 Messages

 • 

92 Points

a year ago

Was there ever a solution on this? We are facing the same issue.

1 Message

 • 

10 Points

Any update?

158 Messages

 • 

2.7K Points

And one more thing -- by default, vSZ uses encryption for information in this POST, it is also described in manual. So in the beginning turn MAC address encryption off (cli command on vSZ node console, look in the manual)  and get things work without encryption. You can deal with encryption later.

158 Messages

 • 

2.7K Points

10 days ago

Hi,

There are 2 possible problems:

1. Certificate. If your WISPR server doesn't have public SSL certificate (or SZ doesn't have full chain to trust it), this will fail. To check this, switch to http (port 9997), if it will work than, it is defenitly certificate issue. To make self-signed certificate work, you probably need to import it's CA into vSZ.

2. Check that "NAS IP" is set properly in WLAN configuration to "controller IP" (Radius options, visible only when Radius accounting is set on, but work even if accounting later is disabled). It is possible that POST is sent to other node, which doesn't know about that client.

Hope it helps.

(edited)