ExtremeWireless (Aerohive)

 Captive Web Portal suddenly not loading across multiple APs.

w1f1n00b posted 01-27-2021 17:59

When connecting to my open SSID the CWP will not load. Tried all the normal tricks. If I manually type in the local IP for the portal 198.***etc. the portal loads and I can accept it. Any ideas why this is happening all of a sudden? A complete update to the AP did not resolve the issue.

 

Also I found this KB article - https://extremeportal.force.com/ExtrArticleDetail?an=000091612&q=captive%20web%20portal

and I’m not understanding why this internal IP would need to be resolvable by DNS. What would happen if a public DNS is used such as Google's 8.8.8.8?

w1f1n00b

It was DNS… It’s always DNS :-)

If anyone can point me to any documentation regarding the technical details of the CWP process and why DNS is required please send them my way.

Sam Pirok

I’m not finding anything but I have put in a request to get something written up, I’ll pass that on as soon as we have it. 

Ash Finch

Bit late to the party, but I had a bit of a look at this a couple of months ago. Not 100% got my head around it, so some of the below may be incorrect but hopefully some of it may make sense :smile:

So first a bit of a history lesson: in older firmwares the CWP address used to be 1.1.x.x. This used to be fine until Cloudflare came along and started using 1.1.1.1 I believe :) But as this became unavailable it got switched to 198.18.x.x in later firmwares - important to note this is not a typo and is meant to be 198., not 192.! Still a private IP though, that when combined with a DNS entry allows the client/AP to resolve to the captive portal (as we can’t directly hook the client due to it being HTTPS rather than HTTP).

Why the IPs and where do they come from? Well, easiest if you go into one of your AP's CLI and run the below:

First of all “show interface”. In the list you’ll see all of your SSIDs twice, one for WiFi0 and another for WiFi1 on a specific interface. Find the SSID that has the captive web portal. Let's say for example it was on WiFi0.6 and WiFi1.6.

Next command is to run “show ip route” and you’ll get something like the below:
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 mgt0
127.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 mgt0
198.18.12.0 0.0.0.0 255.255.254.0 U 0 0 0 wifi0.6
198.18.44.0 0.0.0.0 255.255.254.0 U 0 0 0 wifi1.6

Our two CWP interfaces have got assigned an IP, which is what the DNS record will need to be (if you have more than one SSID with a CWP you’ll see more of course).

As far as I’m aware the DNS record should only be needed if you’re using HTTPS on captive portals.
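
Added example (not part of the thread and not Extreme's code): a small Python check that takes the "show ip route" output quoted above, pulls out the subnets on the CWP sub-interfaces, and tests whether the address a client's resolver returned for the portal name falls inside one of them. The function names are hypothetical, the eight-column route layout is assumed from the post, and the resolver answers used in testing are constructed.

```python
import ipaddress

# Constructed sample: the "show ip route" lines quoted in the post above.
SAMPLE_ROUTES = """\
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 mgt0
127.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 mgt0
198.18.12.0 0.0.0.0 255.255.254.0 U 0 0 0 wifi0.6
198.18.44.0 0.0.0.0 255.255.254.0 U 0 0 0 wifi1.6
"""


def cwp_subnets(route_output, cwp_ifaces):
    """Map each CWP sub-interface to the subnet routed on it.

    Assumed column order (from the post): destination, gateway, netmask,
    flags, metric, ref, use, interface.
    """
    subnets = {}
    for line in route_output.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # header, blank or wrapped line
        dest, mask, iface = fields[0], fields[2], fields[7]
        if iface not in cwp_ifaces:
            continue
        try:
            subnets[iface] = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # row is not a valid network/mask pair
    return subnets


def check_dns_answer(answer, subnets):
    """Return the CWP interface whose subnet contains the resolved address.

    `answer` is the address the client's resolver returned for the portal
    name, or None if the name did not resolve. Returns None when the answer
    is missing or lies outside every CWP subnet.
    """
    if answer is None:
        return None
    addr = ipaddress.ip_address(answer)
    for iface, net in subnets.items():
        if addr in net:
            return iface
    return None
```

Pass the sub-interface names found with "show interface" as `cwp_ifaces`; a `None` result for the answer your clients actually receive means the DNS record is missing or points outside the portal subnets.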