11-19-2013 12:20 PM
11-19-2013 01:17 PM
I found this in another post:
It looks like what I need but I'm not sure if I meet the 4 Assumptions mentioned and how to implement it.
11-21-2013 07:01 AM
You need to have the captive portal mapped on your initial role (look at your aaa profile your using the initial role since your not authenticating your user PSK is not authentication).
After you get the captive portal displayed, user accepts AUP by default they will be placed in the guest role.
11-21-2013 05:26 PM
Thanks ddipert. I went to security>Authentication>Profiles and then to the AAA profiles tab, and clicked on ABCD_GUEST-aaa-profile and changed the initial role from Authenticated to ABCD_GUEST-captiveportal-profile and applied the config. Then I connected to the guest wi-fi and it let me right on and I browsed to the internet with no accept page. Guests used to have to provide a username and password at the captive portal. I didn't change anything with the captive portal. I just changed over to WPA2 with passphrase. Do I need to make changes to the captive portal? I know I will need to upload custom text for our page but I thought there is a default page in there.
11-21-2013 06:23 PM
Need to make the required changes to the captive portal or create a new captive portal to reflect the box with an "I Accept".
The 2nd part is to map the captive portal to the role.
go to: config->access control->ABCD_GUEST-captiveportal role
edit the role look for "captive portal profile" use the drop down to find the captive portal you created/modified. Click "change" then apply. See the screen shot provided.
This is off topic but why are you on such old code?
11-21-2013 06:46 PM
OK I went into the document from that link I posted above. Of the 4 requirements listed
AssumptionsThe following assumptions apply to the configuration example:
- A valid Policy Enforcement Firewall (PEF) license is installed.
- The software version on the controller is 3.x.
- The VLAN 100 and DHCP servers of the Captive Portal users are already defined.
- The SSID profile "public" with essid "public" is already defined.
1. I have the PEF license installed.
2. The software is 3.x
3. I don't have VLAN 100 defined. We use VLAN 900 for our guest network so I guess I would reference VLAN 900instead of VLAN 100 in the configs provided. We use VLAN 100 elsewhere on our wired network
4. How do I make a SSID profile "public" with essid "public" ?
I did the config listed up to step 6. I guess my question is how do I define an SSID profile "public" with essid "public"?
11-21-2013 07:34 PM
Yes you would need a support contract to upgrade. I don’t recommend running without a support contract. But that’s your business.
What we are dealing with is the role that is assigned to a user when they associate to your said (the initial role) needs to have a captive portal on the role. Inside the role the policy should be logon-control & captive portal.
The policy will allow basic network access (DNS, DHCP… ETC) and the captive portal will redirect the user to the captive portal page.
cp-logon might be a better initial role if the policies are correct.
11-21-2013 08:48 PM
Thanks again. I think I'm close with that config example from Aruba. I'm piecing things together in the CLI but I just ran out of time in my maintenance window so I'll have to revisit later. I agree with you on the support contract. I'd love to have it again but unfortunaltely I don't control the $$$ around here!