Security

Reply
Occasional Contributor II
Posts: 34
Registered: ‎04-24-2013

Captive Portal Authentication-)CPA)

Dear Forum,

 

                        Our guest users are using captive portal authentication for access internet.I found some of our employee users are using captive portal for accessing internet.I dont want them to authenticate via CPA.I want employee users to connect to there SSID only and guest users to there SSID only.

Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Re: Captive Portal Authentication-)CPA)


vinit@tifr.res.in wrote:

Dear Forum,

 

                        Our guest users are using captive portal authentication for access internet.I found some of our employee users are using captive portal for accessing internet.I dont want them to authenticate via CPA.I want employee users to connect to there SSID only and guest users to there SSID only.


If you are authenticating captive portal users, you would only give out usernames and passwords to guests to possibly solve that problem.  How are you allowing guest access today?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 34
Registered: ‎04-24-2013

Re: Captive Portal Authentication-)CPA)

[ Edited ]

I am allowing  guest users to login via CPA only but some of my employee users can also login via CPA.I dont want employee user to login via CPA.

Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Re: Captive Portal Authentication-)CPA)

Do they login because they have the password?  If they have the password, we cannot stop them.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 34
Registered: ‎04-24-2013

Re: Captive Portal Authentication-)CPA)

[ Edited ]

We are using mac based authentication plus 802.1x authentication for employee users,if both mac and 802.1x is passed then employee users can access internet using EMPLOYEE ssid and since for guest users we are using Captive portal authentication we are providing them username and password to access internet using GUEST ssid.Somehow i found employee users can access to internet using GUEST ssid.I want to separate them.Guest users can access via only to GUEST ssid and Employee users can access via EMPLOYEE ssid only.Please suggest any solution to this problem.

Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Re: Captive Portal Authentication-)CPA)

First you need to find what credentials they are using to access the guest network.  Then you can fix your problem.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 34
Registered: ‎04-24-2013

Re: Captive Portal Authentication-)CPA)

They are using there own username and password which we have aasigned them in 802.1x and mac based authentication.With those username and password they are accesing guest network.

Guru Elite
Posts: 20,576
Registered: ‎03-29-2007

Re: Captive Portal Authentication-)CPA)

The Captive Portal Authentication profile for your guest network has a server group that it uses to authenticate users.  That server group must not have your 802.1x server in it, otherwise your employees can access your guest network.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 113
Registered: ‎11-27-2012

Re: Captive Portal Authentication-)CPA)

As cjoseph points out: If the server that is used for 802.1x exists in the server group that authenticates your guests, then the employee users will be able to authenticate on that SSID.

 

Just a thought:

Do your captive portal have a static username / password used by everyone?

If you don't have the 802.1x server in the CP server group, then maybe some of your employees is using that username/password to access the guest SSID? You can easily check this by going to Monitoring > Controller > Clients and checking the Auth Type Column. If you see "Captive Portal" here for an employee user, then they have logged in this way.

 

 

-----------------------------------
-ACMX #352-
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Occasional Contributor II
Posts: 34
Registered: ‎04-24-2013

Re: Captive Portal Authentication-)CPA)

Yes the Auth type conatins Captive Portal...please suggest what changes i have to do to stop them accessing via GUEST SSID.

Search Airheads
Showing results for 
Search instead for 
Did you mean: