Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎10-01-2013

Different Captive portal logins for different SSID

HI

 

I have two SSIDs one is "Client" the other is "Guest"

 

Both SSIDs are on different vlans and have different firewall rules applied.

They both use captive portal and the built in Aruba user database.

 

The problem that arises is if I create a new user they can log into both SSIDs.

 

Is there a way or is this a limitation?

 

Thanks

Guru Elite
Posts: 20,579
Registered: ‎03-29-2007

Re: Different Captive portal logins for different SSID

If you are using the internal database for users, you cannot control what users in the internal database can connect to what SSID.  You would have to use a separate internal database for that separation.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎10-01-2013

Re: Different Captive portal logins for different SSID

How do you create a separate internal database for users and specify which SSID uses what Database?

Guru Elite
Posts: 20,579
Registered: ‎03-29-2007

Re: Different Captive portal logins for different SSID

You cannot do that.  You can only have a single internal database.  It is really only meant for guests.  Your corporate users, what do they use to login to their computers?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 6
Registered: ‎10-01-2013

Re: Different Captive portal logins for different SSID

[ Edited ]

Our Staff use RADIUS for authentication Vlan 1 but we have two types of guests. Be have business guests that need access to VPNs, Email Web etc, but no access to cooperate network so I put them on Vlan 2 somestimes its a one off. Then we have clients/patients with very restricted web access and they are on Vlan 3. also Isolated

 

how would this best be acomplished?

Guru Elite
Posts: 20,579
Registered: ‎03-29-2007

Re: Different Captive portal logins for different SSID


Labellep25 wrote:

Our Staff use RADIUS for authentication Vlan 1 but we have two types of guests. Be have business guests that need access to VPNs, Email Web etc, but no access to cooperate network so I put them on Vlan 2 somestimes its a one off. Then we have clients/patients with very restricted web access and they are on Vlan 3. also Isolated

 

how would this best be acomplished?


Okay.  You can create users in the local database that have two different roles:  One will be for business guests and the other will e for clients/patients...  When they authenticate at the Captive Portal, they will get their assigned role, based on who they are.  Their roles will have to firewall restrictions that you mention above.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: Different Captive portal logins for different SSID

One thing you could try is to use the GuestUser:source option in your Enforcement policy

 

GuestUser:source EQUALS <name of the registration page>
or
GuestUser:source NOT_EQUALS <name of registration page>

This value gets create based on the Guest Self-Registration page your user registers against.

 

This might be one method to separate users stored in the Internal database. It's been a while since I tried this though so I am not sure if this is still valid.

 

 

Cheers

Guru Elite
Posts: 20,579
Registered: ‎03-29-2007

Re: Different Captive portal logins for different SSID

Bourne,

 

I don't think he has ClearPass at this time...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor II
Posts: 383
Registered: ‎09-05-2012

Re: Different Captive portal logins for different SSID

Well then ignore all that I said!

I'm an idiot :smileyindifferent:

 

Cheers

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Different Captive portal logins for different SSID

Hey that's usually my line..... :)

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: