ArubaOS and Controllers

Reply
MVP
Posts: 360
Registered: ‎01-14-2010

Captive Portal and roles

Hello,

The 3.4.2 User Guide states that the Captive Portal will have an initial user role when people associate to the SSID and they will have a user role after they successfully login. Is there a way to assign different roles based on that log in criteria? I'd like to have a two SSIDs on my campus: one would be an 802.1x SSID that would use server-based role derivation; the other would be the guest SSID that could restrict people if they don't have an AD username and password in one role, and in another role would allow a little more access than guest. This later part may have to be done with two separate SSIDs.

I understand that this type of AAA granularity might not be available in the portal, but I figured I'd give it a shot and ask the question.

Thanks for any help you can offer!

-Mike
Guru Elite
Posts: 20,018
Registered: ‎03-29-2007

Server Rules

You can:

Create a new server group
Add your authentication server to that group, plus whatever returned attributes you want to derive roles from
Add that server group to your Captive Portal Authentication profile. In the below example, I added my internal server (this can be any LDAP or Radius server if you like). I also added a rule that is looking for an attribute, Filter-ID to have student in it. Whenever someone authenticates successfully and it sees that attribute, it will but the user in the student role. I also attached that server group to the Captive Portal Authentication profile that I'm using below:

If you are using LDAP for a server, more often than not, the attribute that you probably need to look for is memberOf. Use the aaa query-user command http://airheads.arubanetworks.com/vBulletin/showthread.php?t=376 to see what attributes are returned for memberOf.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
MVP
Posts: 360
Registered: ‎01-14-2010

Re: Captive Portal and roles

Colin,

You're the man, thanks! I can't wait to give this a try tomorrow afternoon.

I'll post any follow up questions to this as they arise.

-Mike
MVP
Posts: 360
Registered: ‎01-14-2010

Re: Captive Portal and roles

Colin,

Thanks, I was able to get it working!

-Mike
Search Airheads
Showing results for 
Search instead for 
Did you mean: