ICX and captive portal

  • 1
  • Question
  • Updated 3 months ago
  • Acknowledged
Hello everybody. I'm trying to have my ICX7150 (08.0.80) working with an external captive portal. My device connected to eth 1/1/11 receives an IP address an if it manually open the captive portal page it works, but ... no way to have it displayed automatically or being redirected opening another web site. Where am i wrong? Here's the config, i've follwed online guide (my captive is on Cloudpath): https://ruckus-support.s3.amazonaws.com/private/documents/2478/ruckus-icx-flexible-auth-cloudpath-52-dp.pdf?AWSAccessKeyId=AKIAJM3QLNNKLOV235TQ&Expires=1557155681&Signature=n4NyA9sgP1PNx65c6iBwzc4gDAs%3D

This is my config.

Current configuration:
!
ver 08.0.80dT211
!
captive-portal cloudpath
  virtual-ip <myfqdn>
  virtual-port 443
  login-page /enroll/portal/reset
!
!
default-vlan-id 4000
!
vlan 1 name Management by port
 tagged ethe 1/2/1
 untagged ethe 1/1/1 to 1/1/10
 management-vlan
 default-gateway  <A.B.C.D> 1
!
vlan 75 name Ospiti_DiRete by port
 tagged ethe 1/2/1
 untagged ethe 1/1/11
 webauth
  captive-portal profile cloudpath
  auth-mode captive-portal
  trust-port ethernet 1/2/1
  enable
!
vlan 4000 name DEFAULT-VLAN by port
!
aaa authentication dot1x default radius
aaa authorization coa enable
aaa accounting dot1x default start-stop radius
aaa accounting mac-auth default start-stop radius
ip address <A.B.C.D> 255.255.255.0
ip dns domain-list domain.local
ip dns server-address <A.B.C.D>
!
logging console
!
radius-client coa host <A.B.C.D> key <key>
!
web-management https
!
interface ethernet 1/3/1
 speed-duplex 1000-full
!
interface ethernet 1/3/2
 speed-duplex 1000-full
!
end

Photo of Stefano Costantini

Stefano Costantini

  • 3 Posts
  • 0 Reply Likes

Posted 4 months ago

  • 1
Photo of Jijo Panangat

Jijo Panangat, Employee

  • 27 Posts
  • 9 Reply Likes
Photo of Stefano Costantini

Stefano Costantini

  • 3 Posts
  • 0 Reply Likes
Hello Jijo, suddenly the captive portal appears, but ...

does not work (see error on the bottom)

About your suggestion: in Cloudpath 5.4 Mac registration already has the option for ICX with redirect and post. I've even tried with forcing a redirect as indicated in the document you've posted, but i have this:

Web Auth in Vlan 75: Authentication failed (# of attempts tried: 3) for user : stefano using mac: xxxx.xxxx.xxxx

Could be the mac address syntax? 
(Edited)
Photo of Jijo Panangat

Jijo Panangat, Employee

  • 27 Posts
  • 9 Reply Likes
Hello Stefano,

Here is a sample switch config for web authentication using external captive portal if you would like to cross check your side.

!
captive-portal cp-sqa
virtual-ip cloudpathsqa.wwie.video54.local
virtual-port 80
login-page /enroll/RuckusWireless/Production/
!
vlan 3 name INTERNET by port
tagged ethe 1/1/10
untagged ethe 1/1/1
spanning-tree
webauth
captive-portal profile cp-sqa
auth-mode captive-portal
no secure-login
trust-port ethernet 1/1/10
enable
!
vlan 100 name Management-NW by port
tagged ethe 1/1/10
untagged ethe 1/1/20
spanning-tree
management-vlan
default-gateway 10.176.166.1 1
!
aaa authentication dot1x default radius
aaa authorization coa enable
aaa accounting dot1x default start-stop radius
aaa accounting mac-auth default start-stop radius
!
ip address x.x.x.x/24
ip dns domain-list wwie.video54.local
ip dns server-address x.x.x.x <x.x.x.x>
!
radius-client coa host x.x.x.x key <Icx>
radius-server host x.x.x.x auth-port 1812 acct-port 1813 default key <Icx> dot1x mac-auth web-auth
radius-server accounting interim-updates
radius-server accounting interim-interval 5
!
web-management https 


Secondly, we have a similar issue related to Captive portal redirection fixed in FI08070e or FI8090a (not fixed in 8080 patches) Please upgrade and test if feasible.