Aruba Central user may need a centralized web-server to host captive portal page for their distributed networks across the globe like coffee shops, restaurant or hotels.
Aruba central 2.0 has a new feature called Cloud Guest or Guest Management that allows administrator to create a splash page for guest users using Web server and radius server running in the cloud. The splash page that admin creates, is hosted on the web server in the Central. When guest user connects to guest WiFi and try to open a web session, IAP will intercept the web session and redirects guest user to splash page. On the splash page (based on authentication type), once user enters his credentials, IAP will do radius authentication with the radius server hosted in the Central. On successful authentication, user will be put in the post authentication role, where user gets more access based on the access rules.
Step 1: Go to Guest Management -> Add new profile
Step 2: Select Authentication Type
Authentication types can be one of the following:
- Anonymous login
- Guest operator generated credentials
- Self registration
- Social login (integration with Facebook, Google+, Twitter & LinkedIn)
Step 3: Customization of Splash Page
After basic configuration is done, splash page can be customized to add background colors, text color, company's logo, advertisement etc.
Step 4: Create new profile for Guest WLAN or edit your existing WLAN profile
Step 5: Go to Security tab and under Slash Page Type, select Splash page profile that you created
The guest operator can also create guest user accounts. For example, a networks administrator can create a guest operator account for a receptionist. The receptionist creates user accounts for guests who require temporary access to the wireless network. The guest operator can add, edit, and remove user accounts an can specify expiration time for user accounts.
Adding a visitor
1. To add new visitor, go to the Account tab under Visitor and click on the Add Visitor.
2. Guest administrator needs to fill out some basic information to create guest account including guest account validity. Username & Password details can be shared with visitor via email or text message as well.
Once configuration is pushed from Central to IAP, in running configuration WLAN user should be able to see the SSID, captive portal server and authentication server configuration.
# show running-config
wlan ssid-profile CloudGuest_1 enable index 0 type guest essid CloudGuest_1 opmode opensystem max-authentication-failures 0 vlan guest auth-server AS1_#guest#_ auth-server AS2_#guest#_ set-role-pre-auth default_#guest#_ rf-band all captive-portal external profile default_#guest#_ dtim-period 1 inactivity-timeout 60 broadcast-filter none radius-accounting radius-interim-accounting-interval 10 dmo-channel-utilization-threshold 90 local-probe-req-thresh 0 max-clients-threshold 64
wlan external-captive-portal default_#guest#_ server jenkins-guest-aws-81.test.pdt1.arubathena.com port 443 url "/portal/scope.cust-124/default/capture" auth-text "" https
wlan auth-server AS1_#guest#_ radsec ip jenkins-guest-aws-81.test.pdt1.arubathena.com port 1812 acctport 1813 timeout 20 nas-id b47319d0-a696-4eff-809c-0a033b82b17e rfc3576
wlan auth-server AS2_#guest#_ radsec port 443 ip cloudguestelb-81.arubathena.com port 1812 acctport 1813 timeout 20 nas-id b47319d0-a696-4eff-809c-0a033b82b17e rfc3576