Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 9
Registered: ‎06-25-2014

IAP 6.3 WPA2-Enterprise with Portal

Hi!

 

Since 6.2 it should be possible to add a captive portal after 802.1x auth, see http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/Chapter11%20Authentication/ConfAccessRuleCPl.htm

 

 

Doing this, the CP is displayed (with just terms & conditions "Accept" - which is, what we want), but the CP is displayed again and again. Sure, because i stay inside this Role which enforces Portal Page again and again.

 

Do i need to assign another role based on the new CP-"authentication"? But how to do this?

 

Something like 

set-role ???? contains accepted "rule-allow-all" 

 

 

Any suggestions?

 

Kind Regards

 

Folke

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: IAP 6.3 WPA2-Enterprise with Portal

You would need a policy engine (like Clearpass) to be able to track whether the user has accepted the terms before.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 9
Registered: ‎06-25-2014

Re: IAP 6.3 WPA2-Enterprise with Portal

Hi Tim,

 

thanks for your very fast response.

 

But what's the sense that Instant supports internal splash screen as Role-Action ("Enforce Captive Portal") when it's not usable?

 

Is there a way to examine all values usable for role assignment?

 

Kind Regards from Munich


Folke 

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: IAP 6.3 WPA2-Enterprise with Portal

Maybe I misunderstood your question.

 

Are you saying the issue is that users are presented the captive portal every time they associate and you'd like them to only accept it once? 

 

-or-

 

Are you saying that the users remain in the captive portal redirect during their session and can't do anything else?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 9
Registered: ‎06-25-2014

Re: IAP 6.3 WPA2-Enterprise with Portal

Hi Tim,

 

yes, the users are remaining in the Captive Portal. 

 

My current goal is jus to reach a recurring captive portal as splash screen after every WLAN-Logon (with WPA2-Enterprise)...

 

That a permanently save of "License accepted" flags requires ClearPass  is clear for me.

 

Kind Regards


Folke

Guru Elite
Posts: 8,178
Registered: ‎09-08-2010

Re: IAP 6.3 WPA2-Enterprise with Portal

We'll have to wait and see what Marcus says. As far as I know, you cannot trigger a role change from a captive portal after an 802.1X authentication without a policy server that can do a RADIUS CoA.

The only time I've used a captive portal after an 802.1X authentication to dead-end a user and show them a "contact the help desk" style page.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Search Airheads
Showing results for 
Search instead for 
Did you mean: