ArubaOS and Controllers

Reply
Frequent Contributor II

Captive portal and non Aruba access points

Along with My Aruba gear I also have some 60 Cisco antonymous access points on which I am running a Guest Network. My Cisco Guest Network is limited to one specific VLAN and currently authenticated using a Chillispot Captive Portal and a FreeRADIUS AAA Server.

Eventually these Cisco APs will be replaced with Aruba units but in the meantime, I am wondering if it would be possible for me to force my Cisco Access Points to authenticate guest users through the Aruba Captive Portal. In other words all users on the guest SSID/Vlan get pushed to the Captive portal web page on my Aruba Controller. It seems to me that perhaps I might be able to accomplish this by using wired authentication but I have no idea how it might be done.

Does anyone have a scenario like this? Can this even be done?

Thanks in Advance.
Aruba Employee

Using Aruba Wired Auth with Cisco APs

Yes you can do that. I have customers doing that two different ways.

1. They put an Aruba AP70 that they are using as an AirMonitor in an IDF for every floor. There are no L3 interfaces on the guest subnet except through the Aruba controller. In this case the Aruba Controller is the default gateway but that is not required, it just needs to be inline. In order to get wired auth the second Ethernet port needs to be untrusted.

2. Create a guest vlan and terminate the entire vlan on a untrusted port on a Aruba controller. The design is the same as above with no other L3 ports on the subnet. You don't want someone to plug in and find a way around the Captive Portal by changing their default gateway.

BTW. You can also do this same thing with an Aruba Mux.

Gary
Occasional Contributor I

Captive portal and non Aruba access points


2. Create a guest vlan and terminate the entire vlan on a untrusted port on a Aruba controller. The design is the same as above with no other L3 ports on the subnet. You don't want someone to plug in and find a way around the Captive Portal by changing their default gateway.




This sounds like it might be the solution I'm looking for, but I'm not entirely sure how to go about it.

Here is my situation. I am broadcasting a Guest SSID from multiple Aruba and Cisco controller based APs. All users, requardless of which vendor's AP they connect to, get put into the same VLAN. I would like for all users connecting to the Guest network to be funneled through the Aruba captive portal. Internet connectivity is supplied by a cable modem.

Here are my questions. Should I make one of the Aruba 6000's interfaces the default gateway for the Guest network? If I do that, how do I get traffic to the cable modem? Would I need to connect the modem to the controller and create a static route between the two interfaces?

Hopefully I am just over complicating this setup. Do you guys know of any documentation for a situation like this?
Thanks
Tom
Occasional Contributor II

Re: Captive portal and non Aruba access points


This sounds like it might be the solution I'm looking for, but I'm not entirely sure how to go about it.

Here is my situation. I am broadcasting a Guest SSID from multiple Aruba and Cisco controller based APs. All users, requardless of which vendor's AP they connect to, get put into the same VLAN. I would like for all users connecting to the Guest network to be funneled through the Aruba captive portal. Internet connectivity is supplied by a cable modem.

Here are my questions. Should I make one of the Aruba 6000's interfaces the default gateway for the Guest network? If I do that, how do I get traffic to the cable modem? Would I need to connect the modem to the controller and create a static route between the two interfaces?

Hopefully I am just over complicating this setup. Do you guys know of any documentation for a situation like this?
Thanks
Tom




if u don't have intervlan routing enabled u can define a gateway for the vlan on aruba....
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: