Controller Based WLANs

How can I enable the captive-portal authentication if I don't have a PEF license installed on my Aruba controller? I am running ArubaOS 2.5.x code version on my controller.

by on ‎07-10-2014 09:56 AM

Product and Software: This article applies to all Aruba controllers with ArubaOS 2.5.x.

 

With the ArubaOS 2.5.2 release, Captive Portal is available in the base operating system; you do not need to install the Policy Enforcement Firewall license in the Mobility Controller for this feature. In the base operating system, Captive Portal users are first placed into the predefined cpbase user role, which allows only DNS, DHCP, and HTTP or HTTPS connections to the network. Upon authentication, Captive Portal users are allowed full access to their assigned VLAN.

 

Configuring the Captive Portal

 

These are the basic tasks to configure Captive Portal in the base operating system:

1) Configure the Captive Portal for guest or authenticated users. In the base operating system, enable Captive Portal on a per-ESSID basis.

 

2) If you are using Captive Portal to authenticate users, configure the authentication server that will be used to validate users. The authentication server can be an external server or the controller's internal database.

 

To configure either Guest Captive Portal or Captive Portal for a single ESSID, follow these steps either in the WebUI or the CLI:

 

From WebUI:

 

1) Navigate to Configuration > Basic > WLAN. Enter the SSID name (for example, Deepak). Under 802.11 Security, select either Guest Captive Portal (for unauthenticated users) or Captive Portal (for authenticated users). If you select Captive Portal, specify the authentication server that will validate the username and password for Captive Portal users.

2) Under Authentication Servers, click Add.

3) Under Choose an Authentication Server, select the authentication server that will be the primary server and click Add.

4) To add additional authentication servers as backup servers, repeat these steps.

The servers appear in the order of descending priority. The first entry is always the primary server. To change the order, use the up or down arrows to move an entry higher or lower in the list.

5) Specify the VLAN to which users will be assigned and click Apply.

 

You can optionally configure other Captive Portal parameters by navigating to the

Configuration > Advanced > Security > Authentication Methods > Captive

 

Portal Authentication page.

 

For example:

 

captivebaseOS.jpg

 

From the CLI, execute the following commands:

 

(Aruba) #configure t

 

Enter configuration commands, one per line. End with Cntrl+Z.

 

(Aruba) (config) #ap location 0.0.0 virtual-ap "Deepak" vlan-id 1 opmode opensystem deny-bcast enable hide-ssid disable

(Aruba) (config) #aaa captive-portal match-essid "Deepak"

(Aruba) (config) #aaa captive-portal auth-server "Internal"

(Aruba) (config) #write mem

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.