ArubaOS and Controllers

Reply
New Contributor
Posts: 4
Registered: ‎08-01-2007

Guest Access

Can anyone tell me how many wireless clients can use the same username and password at the same time? We'd like to give out one username for captive portal users rather than create a new one for each user.
Thank you
Aruba Employee
Posts: 3
Registered: ‎04-02-2007

Re: Guest Access

There is no limit. There will be an option to limit to just one client starting from ArubaOS 3.4
Frequent Contributor I
Posts: 108
Registered: ‎09-26-2008

Re: Guest Access

Hi All,

Does anyone how to configure Captive Portal on the Wired ports of Aruba controller instaed of the WLAN?

Cheers,
Michael
Guru Elite
Posts: 20,018
Registered: ‎03-29-2007

Wired Ports

Michael,

It is normally as simple as making that wired port "Untrusted" under the interface configuration.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor I
Posts: 108
Registered: ‎09-26-2008

Thanks, Colin!

Thanks for your help, Colin!

Does Aruba have any Documentation on this?
I was unable to find this on the ArubaOS User Guide.

Cheers,
Michael
Guru Elite
Posts: 20,018
Registered: ‎03-29-2007

Port Configuration

Just go to Configuration Tab > Ports (under Network) and click on the physical port on the controller you want wired users authenticated via captive portal. On the right there will be a checkbox for the port configuration called "Make Port Trusted". Uncheck that box and click on apply.

If you want to do this the commandline way you would do the following:

config t
interface fastethernet x/y
no trusted
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor I
Posts: 108
Registered: ‎09-26-2008

Noted.

Thanks for the clarification, Colin!
Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Untrusted

Colin, please check me here, but just making the ethernet port untrusted will mean your "logon" role must get your guest user into the captive portal.

I my case, I use a set of centralized controllers in a DMZ and the initial role for my guest SSID is something other than "logon". My custom role basically sends all guest user traffic down a GRE tunnel to the active guest controller. So, I had two options:

1. Modify the logon role to match my guest SSID's initial role and make the port untrusted.

2. Create a policy that matched all the rules in my guest initial role and apply that to the guest ethernet interface as a session acl.

I chose "2" and created and applied the acl to the ethernet interface, as I did not want to touch the factory default logon role in the first place. I also put the guest ethernet interface in my guest vlan as well.

I may have made things more confusing for the original poster, but I just wanted to point out that, in some implementations, it can be a little more than just what was explained.
Guru Elite
Posts: 20,018
Registered: ‎03-29-2007

Untrusted

Mike,

When you make a port untrusted it gets the initial role of the AAA profile specified under Configuration > Advanced Services> Wireless Access, so you can make it anything that you want for those untrusted ports. By default it is the "default" aaa profile which normally has the "logon" role as the initial role.
Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: Guest Access

Oh, nice! Thanks Colin.
Search Airheads
Showing results for 
Search instead for 
Did you mean: