Tuesday, April 14, 2015

IAP: IAP WISPr

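The advantage of WISPr is that, because client software is installed, the wireless LAN MAC address can be obtained reliably. With a captive portal hosted at a central facility, the MAC address can normally be obtained as long as there is L2 connectivity all the way to the client, but not when the path is L3. With WISPr, the client's MAC address can be obtained even over L3.

The generic guide specifies the WISPr 1.0 specification.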


Login Method:

curl -A Wi2Connect -v "https://securelogin.arubanetworks.com/cgi-bin/login?cmd=login&mac=8c:29:37:ee:28:9c&ip=10.215.1.95&opcode=wispr&if;" -d "UserName=user1" -d "Password=aruba123" -d "button=Login" -d "OriginatingServer=/test/login/redirect" -k

curl -A iPassConnect -v "https://securelogin.arubanetworks.com/cgi-bin/login?cmd=login&mac=8c:29:37:ee:28:9c&ip=10.215.1.95&opcode=wispr&if;" -d "UserName=user1" -d "Password=aruba123" -d "button=Login" -d "OriginatingServer=/test/login/redirect" -k


Logoff Method:

curl -A Wi2Connect -v "http://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout&ip=10.215.1.95&opcode=wispr" -k

curl -A Wi2Connect -v "https://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout&ip=10.215.1.95&opcode=wispr" -k

curl -A iPassConnect -v "http://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout&ip=10.215.1.95&opcode=wispr" -k
curl -A iPassConnect -v "https://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout&ip=10.215.1.95&opcode=wispr" -k

The following Logoff methods fail!
curl -A Wi2Connect -v "http://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout&ip=10.215.1.90&opcode=wispr" -k

curl -A Wi2Connect -v "https://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout&ip=10.215.1.90&opcode=wispr" -k

Testing:
curl on Windows

C:\curl>curl -A Wi2Connect -v "https://securelogin.arubanetworks.com/cgi-bin/log
in?cmd=login&mac=8c:29:37:ee:28:9c&ip=10.215.1.95&opcode=wispr&if;"
-d "UserName=user1" -d "Password=aruba123" -d "button=Login" -d "OriginatingServ
er=/wi2free/login/redirect" -k
*   Trying 172.31.98.1...
* Connected to securelogin.arubanetworks.com (172.31.98.1) port 443 (#0)
* TLSv1.0, TLS handshake, Client hello (1):
* TLSv1.0, TLS handshake, Server hello (2):
* TLSv1.0, TLS handshake, CERT (11):
* TLSv1.0, TLS handshake, Server finished (14):
* TLSv1.0, TLS handshake, Client key exchange (16):
* TLSv1.0, TLS change cipher, Client hello (1):
* TLSv1.0, TLS handshake, Finished (20):
* TLSv1.0, TLS change cipher, Client hello (1):
* TLSv1.0, TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES128-SHA
* Server certificate:
*        subject: serialNumber=lLUge2fRPkWcJe7boLSVdsKOFK8wv3MF; C=US; O=securel
ogin.arubanetworks.com; OU=GT28470348; OU=See www.geotrust.com/resources/cps (c)
11; OU=Domain Control Validated - QuickSSL(R) Premium; CN=securelogin.arubanetwo
rks.com
*        start date: 2011-05-11 01:22:10 GMT
*        expire date: 2017-08-11 04:40:59 GMT
*        issuer: C=US; O=GeoTrust Inc.; OU=Domain Validated SSL; CN=GeoTrust DV
SSL CA
*        SSL certificate verify result: self signed certificate in certificate c
hain (19), continuing anyway.
> POST /cgi-bin/login?cmd=login&mac=8c:29:37:ee:28:9c&ip=10.215.1.95&amp
;opcode=wispr&if; HTTP/1.1
> User-Agent: Wi2Connect
> Host: securelogin.arubanetworks.com
> Accept: */*
> Content-Length: 87
> Content-Type: application/x-www-form-urlencoded
>
* upload completely sent off: 87 out of 87 bytes
* HTTP 1.0, assume close after body
< HTTP/1.0 200 OK
< Transfer-Encoding: chunked
< Content-Type:text/html;
<
<html> <!--<?xml version="1.0" encoding="UTF-8"?><WISPAccessGatewayParam xmlns:x
si="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="ht
tp://us-rws-gw.ipass.com/pages/WISPAccessGatewayParam.xsd"><AuthenticationReply>
<MessageType>120</MessageType><ResponseCode>50</ResponseCode><LogoffURL>http://s
ecurelogin.arubanetworks.com/cgi-bin/login?cmd=logout&amp;ip=10.215.1.95&amp;opc
ode=wispr</LogoffURL></AuthenticationReply></WISPAccessGatewayParam>--> </html>*
 Closing connection 0
* TLSv1.0, TLS alert, Client hello (1):

C:\curl>curl -A Wi2Connect -v "http://securelogin.arubanetworks.com/cgi-bin/logi
n?cmd=logout&ip=10.215.1.95&opcode=wispr" -k
*   Trying 172.31.98.1...
* Connected to securelogin.arubanetworks.com (172.31.98.1) port 80 (#0)
> GET /cgi-bin/login?cmd=logout&ip=10.215.1.95&opcode=wispr HTTP/1.1
> User-Agent: Wi2Connect
> Host: securelogin.arubanetworks.com
> Accept: */*
>
* Recv failure: Connection was reset
* Closing connection 0
curl: (56) Recv failure: Connection was reset

Summary:
------------------------------------------------
In the RADIUS attribute, the IAP shows the logoff URL below:
WISPr-Logoff-URL = https://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout

In the WISPr exchange, the logoffURL is displayed below:
<LogoffURL>http://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout&amp;ip=10.215.1.90&amp;opcode=wispr</LogoffURL>

------------------------------------------------
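
An added example (not code from the original post): Python that pulls the WISPr XML out of the HTML comment in the login response captured above and compares its LogoffURL with the WISPr-Logoff-URL RADIUS attribute from the summary. The function names are hypothetical, the sample body is the capture with the console line wraps removed, and the response-code meanings come from the WISPr 1.0 specification rather than from the page.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Response-code meanings per WISPr 1.0 (assumption: not stated on the page).
RESPONSE_CODES = {50: "login succeeded", 100: "login failed",
                  102: "RADIUS server error/timeout",
                  255: "access gateway internal error"}

# Constructed sample: the reply body from the capture, console wraps removed.
SAMPLE_BODY = (
    '<html> <!--<?xml version="1.0" encoding="UTF-8"?>'
    '<WISPAccessGatewayParam xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" '
    'xsi:noNamespaceSchemaLocation="http://us-rws-gw.ipass.com/pages/WISPAccessGatewayParam.xsd">'
    '<AuthenticationReply><MessageType>120</MessageType><ResponseCode>50</ResponseCode>'
    '<LogoffURL>http://securelogin.arubanetworks.com/cgi-bin/login?cmd=logout'
    '&amp;ip=10.215.1.95&amp;opcode=wispr</LogoffURL>'
    '</AuthenticationReply></WISPAccessGatewayParam>--> </html>'
)

def parse_wispr_reply(body):
    """Extract the WISPr XML hidden in the HTML comment and return its fields."""
    # Only the root element is handed to the parser, so no DOCTYPE (and thus
    # no attacker-defined entities) from the gateway response is processed.
    m = re.search(r"<WISPAccessGatewayParam.*?</WISPAccessGatewayParam>", body, re.S)
    if m is None:
        raise ValueError("no WISPAccessGatewayParam element in response")
    reply = ET.fromstring(m.group(0)).find("AuthenticationReply")
    if reply is None:
        raise ValueError("no AuthenticationReply element")
    code = int(reply.findtext("ResponseCode", ""))
    return {"message_type": int(reply.findtext("MessageType", "")),
            "response_code": code,
            "meaning": RESPONSE_CODES.get(code, "unknown"),
            "logoff_url": reply.findtext("LogoffURL", "")}

def audit_logoff_url(reply, radius_logoff_url):
    """Compare the in-band LogoffURL with the RADIUS WISPr-Logoff-URL value."""
    findings = []
    got, want = urlsplit(reply["logoff_url"]), urlsplit(radius_logoff_url)
    if got.scheme != "https":
        findings.append("LogoffURL is not HTTPS")
    if got.scheme != want.scheme:
        findings.append("scheme differs from WISPr-Logoff-URL RADIUS attribute")
    if got.hostname != want.hostname:
        findings.append("host differs from WISPr-Logoff-URL RADIUS attribute")
    return findings
```
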

IAP's configuration: 

wlan ssid-profile wayport
 enable
 index 5
 type guest
 essid wayport
 opmode opensystem
 max-authentication-failures 0
 vlan guest
 auth-server External-RADIUS
 rf-band all
 captive-portal external profile ClearPass
 wispr
 dtim-period 1
 inactivity-timeout 1000
 broadcast-filter arp
 radius-accounting
 dmo-channel-utilization-threshold 90
 local-probe-req-thresh 0
 max-clients-threshold 64
!
wlan auth-server External-RADIUS
 ip 10.215.107.105
 port 1812
 acctport 1813
 key 0259b9c674ce44ab90a5c58c83891d477920233c77236862
 rfc3576
 cppm-rfc3576-port 5999

wlan wispr-profile
 wispr-location-name-operator-name Wi2Connect
 wispr-location-name-location Yokohama-Wi-Fi
 wispr-location-id-network Yokohama-Wi-Fi
 wispr-location-id-cc 81
 wispr-location-id-ac 0
 wispr-location-id-isocc JP

RADIUS Accounting: 


WISPr Client example(iPassConnect)
