How to configure multiple Profiles for External Captive Portal on IAP 4.0

Aruba Employee

Introduction- 

  • Problem:
    • Previous versions of IAP only allowed a global set of External Captive Portal (ECP) settings which is shared across all ECP SSIDs
    • This made it difficult for managed service providers who want to provide different portals to different customers.
  • Solution:
    • In IAP4.0, up to eight separate ECP profiles could be created
    • Each profile could be assigned to one or more wireless SSIDs, wired port profiles, and/or client Roles
    • The first profile (default) is reserved and serves as the placeholder for the global profile in previous versions
    • A new ‘Use HTTPS’ option is also added so the external ECP server is no longer required to implement the HTTP to HTTPS redirect

Environment- This feature is applicable for the deployment of client doing external captive portal

Network Topology- No network topology applied to this config.

Configuration Steps- Configuration UI: create/edit ECP profile from SSID or wired profile wizard

In the wizard, select or create a new ECP profile in the “captive portal profile” drop list

rtaImage (2).jpg

 

rtaImage (3).jpg

ECP profiles can also be managed in “Security” -> “External Captive Portal” -> “New” or “edit”

rtaImage (4).jpg

 

Configuration UI: Choosing different profiles in different SSIDs

rtaImage (5).jpg

 

rtaImage (6).jpg

Configuration UI: Using ECP profile with role-derivation

  • Different clients use different ECP profile after connect the same SSID
  • Use role derivation to make different clients assigned to different role

rtaImage (7).jpg

  • For the default profile, CLI is identical to previous versions except for the new “https” command
    wlan external-captive-portal
     server 172.16.11.10
     port 443
     url "/"
     auth-text "Authenticated"
     auto-whitelist-disable
     https
     exit
    wlan ssid-profile ecp
     captive-portal external
     exit
    wired-port-profile wired_ecp
     captive-portal external
     exit
    wlan access-rule role_role
     captive-portal external
     exit
  • The name “default” does not appear in “show run” for backward compatibility

 
 

  • To create a custom profile:
    wlan external-captive-portal ecp_profile1
     server 172.16.11.10
     port 443
     url "/"
     auth-text "Authenticated"
     auto-whitelist-disable
     https
     exit
    wlan ssid-profile ecp1
     captive-portal external profile ecp_profile1
    wired-port-profile wired_ecp1
     captive-portal external profile ecp_profile1
    wlan access-rule role_ecp1
     captive-portal external profile ecp_profile1
  • To delete a custom profile:
    no wlan external-captive-portal ecp_profile1 

To avoid confusion with the default profile, one cannot create a custom profile with the name “default”

Answer- From the above steps we could notice how to configure multiple profiles for ECP on IAP. 

Verification- The command Show network <name of the network>  will confirm if external captive portal is enabled on SSID profie.

Troubleshooting- Troubleshooting
 
show external-captive-portal ” is used to show all the external captive portal profiles on IAP

For example:
00:24:6c:c0:0a:d7# show external-captive-portal

External Captive Portal
-----------------------
Name          Server        Port  Url         Auth Text      Redirect Url  Server Fail Through  Disable Auto Whitelist  Use HTTPs  In Use  Redirect Mode
----          ------        ----  ---         ---------      ------------  -------------------  ----------------------  ---------  ------  -------------
default       localhost     80    /           Authenticated                Disable              Enable                  Yes        Yes     Yes
ecp_profile1  172.16.11.10  80    /aruba.php                               Disable              Enable                  No         Yes     Yes

show network <SSID profile name> ”  -- check which ECP profile used in SSID 

For example:
00:24:6c:c0:0a:d7# show network zlfeng

L2 Auth Failthrough    :Disabled
Captive Portal         :external
ECP Profile            :ecp_profile1
Exclude Uplink         :none
Hide SSID              :Disabled
Content Filtering      :Disabled
 

 

Version history
Revision #:
1 of 1
Last update:
‎04-02-2015 09:57 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.