Access Points

Reply
Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Third Party APs

Hello,

i am interested on Functionality of the Third Party Access Points. How does they connect to the Controller? Via a GRE Tunnel or anything else. I have seen this possibility on the Licence Page. But i can t find any Document for this Topic.

Thank you and best Regards
Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Third Party APs

If you have a third-party AP, the Aruba can police the traffic from them if you connect them to an "untrusted" Aruba interface. When users connect to the third-party AP, their traffic flows to the untrusted port of the Aruba Controller and they can be presented with a Captive Portal page for further access into the network. There is also a feature called "stateful 802.1x" where if a third-party AP doing 802.1x is connected to an untrusted port on the Aruba controller, the controller can sniff see the positive response from the radius server and apply a role to the user connected based on radius attributes. The ArubaOS user guide describes how to configure stateful 802.1x


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 82
Registered: ‎02-15-2008

Re: Third Party APs

Hello,

A agree with you. With this design every vendor could be used.

But i mean the Third Party Aps where are Licences on the controller available. Ortronics a Netgear for example. For what is this Licence Modul and how are the functionality?

Best Regards
Aruba Employee
Posts: 119
Registered: ‎05-16-2007

Third Party APs

Ortronics APs were the Ortronic WiJack-DUO. These were wall gang box
based APs marketed by Ortronics. They do still sell them, but the Aruba
Ortronics relationship was dissolved last year. This is an artifact of
this relationship because there are customers out there using the WiJack
DUO.

Netgear licensing is two fold...in Asia, Netgear OEMs some stripped down
800 controller and AP combinations. As well, with the same system there
are a few Netgear branded APs that can be used with the controller in
these markets. This is a very limited thing so don't assume that your
Staples-purchased SOHO Netgear AP can be used with your Aruba
controller.

Does that help?
Occasional Contributor II
Posts: 19
Registered: ‎07-13-2009

Re: Third Party APs

Hi Colin Joseph,

I have connected third party APs (concretelly Dlinks APs) to one of the Aruba's controller Ports and configured it as an an untrusted ports with a firewall policy wich contains the msswitch to redirect to the captive portal, as well as other traffic roules like permite dhcp, permit dns, permit https, and so on. The thing is that finnally I get the redirection to the captive portal through the Third Party AP but after the entering of the user credentials, the browsers shows me another page which says something like "you will be redirected after 10 seconds to that site". OK so after 10 seconds, the browser redirects me to the captive portal Again!!!. Why? What's going wrong? :(. I thouugh it was working successfully but still i have this problem! :(

Thanks a lot!!

Regards

Albert
Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Captive Portal Authentication Profile

That happens when you captive portal authentication profile has a default role of "logon". Change the default role to "authenticated" or anything else that allows proper traffic to pass.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 19
Registered: ‎07-13-2009

Captive Portal authentication for Untrusted Ports

Hi Aruba's players,

against, I have tried to configure one physical port as untrusted. and Still there it not redirection to the captive portal. I have the newer firmware ArubaOS 3.4.0.4. What I do is:

Configuration-> Network->Ports : I select which Port I want to be untrusted.
Then I have configured the port with the following:
- enabled port: checked.
-Make Port Trusted: unchecked.
- Port Mode: Access. As I have only one DLink 2100 AP connected to that Port.
- VLAN: That VLAN I need. Trusted: checked and VLAN firewall Policy: nothing. I don't understand what does this policy and which is the difference with the Firewall policy.
- Firewall policy: In: nothing, Out: nothing. Only the OS has by default the Ethernet Policy: validuserethacl. session: c_porta which is a created policy which has the same logon-control policy and the same captive portal policy, all of them in one single policy called c_portal. Because the firewall policy needs to specify a policy , an ACL.
- Enable MUX: I try to check it but after that I don't know why the OS does uncheck it.
Spanning Tree: Unchecked.

SO!! the questions:

- Configuring the port as untrusted, the captive portal does not appear!. does it should appear? I think the ACL is important too, because without the roules that contains the logon-protocols (dhcp, dns and so on) and also the mswitch roule to make HTTP redirect, nothing works, although the port configured as unstrusted.
- Also collins said that when make the port as unstrusted, aruba apply the configuration of Advanced Services-> Wired Access. That configuration is applied if we have Aruba Wired Multiplexor. I have tried to choose the captive portal in the AAA section but still does not works. I don't get the redirection to the CAPTIVE PORTAL.

What's wrong?? Whys is so complicated? What to I need to get the captive portal? its true that I need the Aruba Wired Multiplexor, to make Wired Access?

Thank you very much for your attention!!!!

regards!!
Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Untrusted


Hi Aruba's players,

against, I have tried to configure one physical port as untrusted. and Still there it not redirection to the captive portal. I have the newer firmware ArubaOS 3.4.0.4. What I do is:

Configuration-> Network->Ports : I select which Port I want to be untrusted.
Then I have configured the port with the following:
- enabled port: checked.
-Make Port Trusted: unchecked.
- Port Mode: Access. As I have only one DLink 2100 AP connected to that Port.
- VLAN: That VLAN I need. Trusted: checked and VLAN firewall Policy: nothing. I don't understand what does this policy and which is the difference with the Firewall policy.
- Firewall policy: In: nothing, Out: nothing. Only the OS has by default the Ethernet Policy: validuserethacl. session: c_porta which is a created policy which has the same logon-control policy and the same captive portal policy, all of them in one single policy called c_portal. Because the firewall policy needs to specify a policy , an ACL.
- Enable MUX: I try to check it but after that I don't know why the OS does uncheck it.
Spanning Tree: Unchecked.

SO!! the questions:

- Configuring the port as untrusted, the captive portal does not appear!. does it should appear? I think the ACL is important too, because without the roules that contains the logon-protocols (dhcp, dns and so on) and also the mswitch roule to make HTTP redirect, nothing works, although the port configured as unstrusted.
- Also collins said that when make the port as unstrusted, aruba apply the configuration of Advanced Services-> Wired Access. That configuration is applied if we have Aruba Wired Multiplexor. I have tried to choose the captive portal in the AAA section but still does not works. I don't get the redirection to the CAPTIVE PORTAL.

What's wrong?? Whys is so complicated? What to I need to get the captive portal? its true that I need the Aruba Wired Multiplexor, to make Wired Access?

Thank you very much for your attention!!!!

regards!!




Albert,

You have everything configured right. Instead of plugging the Dlink, try plugging in a laptop in that wired port and see if you get an IP address, and can open up the portal page. if not, make sure the port on the controller is in the guest Vlan and try the laptop again.

Of all the settings you have, the only one that you have to do is uncheck the "Trusted" parameter on the interface to make this work. No PORT acls in or out, or MUX settings is necessary. If the laptop works, the DLINK should work if it is set to get a DHCP address.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: