The controller intercepts and spoofs the initial TCP handshake of the HTTP session, so the client browser thinks that it is communicating with google.com.
The controller intercepts all HTTP/HTTPS traffic of the client via the DST-NAT ACL in the user's initial user-role (user any svc-http/https dst-nat 8080/8081)
HTTP GET
TCP Conversation IPs:
-User IP
-Requested URL IP
HTTP 302 Temporarily Moved message (with the controller's CP login URL or https://securelogin.arubanetworks.com)
DNS query/response for the CP login URL (for the URL mentioned, or for the default securelogin.arubanetworks.com)
The controller intercepts the DNS response, which would not have resolved for securelogin, and spoofs the DNS reply so that it resolves to its own IP address
Spoofs the DNS reply, resolving to its own IP address (for an internal captive portal). If it's an external captive portal, then the DNS should
TCP Conversation IPs:
-User IP
-Controller IP
HTTP/HTTPS connection request to the controller/external captive portal
HTTP/HTTPS response from the captive portal with the login page, from the controller or from CPPM for an external captive portal
The client enters the username/password, and the HTTP/HTTPS POST goes to CPPM for an external captive portal or to the controller for an internal captive portal
CPPM responds with a login message and a hidden script, which helps the client post the login form to the controller without user interaction
Redirected to the user-requested URL; the client is assigned the post-auth user-role in the controller
RADIUS ACCEPT