
Different captive portal for each SSID?

  • 1.  Different captive portal for each SSID?

    Posted Sep 04, 2013 05:23 AM

    We have a wireless network with 19 IAPs (a mix of 105 and 135) and ClearPass Policy Manager/Guest.

     

    Currently there is a single SSID with external captive portal from the CPPM Guest for guest self registration.

     
    We would like to create another SSID pointing to a different captive portal, but on the virtual controller the external portal URL seems to be a global setting that affects all SSIDs using a captive portal.

     

    We need SSIDs for 2 business units in the same building that display different corporate branding in the portal.

     

    Am I missing something on the virtual controller or is this a CPPM Guest issue?

     

    Thanks

     

    tharg


    #AP135


  • 2.  RE: Different captive portal for each SSID?
    Best Answer

    EMPLOYEE
    Posted Sep 04, 2013 06:59 AM

    Well... there is a way, using a redirect initial page within ClearPass Guest.  In Instant alone, as of today, there is only one captive portal.

     

    See the how-to below:

     

    This functionality is achieved by pointing Instant to a "redirect" Captive Portal on CP Guest (redirect.php). This redirect page simply looks at the presented SSID (essid), then forwards the user onto the appropriate final login page.

     

    For this example, we will use two SSIDs : guest (guestlogin.php) and employee (employeelogin.php).

     

    ClearPass Guest Config

    • Create the initial redirect page (redirect.php in this example)
    • Add the following HTML code into the Header HTML section
    • Note that if your SSID contains dashes for example, make sure to put quotations around the SSID name, like this: {if $essid eq "instant-guest1-1"}

    {if $essid eq guest}
    <meta http-equiv="refresh"
    content="0;url=http://10.75.32.3/guestlogin.php?mac={$mac}"/>
    {/if}

    {if $essid eq employee}
    <meta http-equiv="refresh"
    content="0;url=http://10.75.32.3/employeelogin.php?mac={$mac}"/>
    {/if}

    • ?mac={$mac} is added to the end so that the MAC address presented to the initial redirect.php is passed to the final login page. This is optional, depending on whether the customer wants visibility of the user's MAC address.  
      • Other attributes can be included, as needed. 

     

    Here is a screenshot of the Login Page section of the redirect.php Web Login: 

    800px-Cpginstantredirect.png

     

    The guestlogin and employeelogin will be configured as required. 
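
A Python model of the decision the redirect page makes, added here as an illustration; it is not part of the original post and is not ClearPass template code. It assumes essid and mac reach the page as request parameters that should be treated as untrusted; `PORTALS`, `normalize_mac` and `portal_redirect` are hypothetical names, and the entry for `instant-guest1-1` is a constructed mapping.

```python
import re
from urllib.parse import urlencode

# Constructed allowlist: SSID -> final login page, reusing the thread's example
# host and page names. SSIDs with dashes or spaces are ordinary dict keys here,
# so the quoting issue from the template does not arise.
PORTAL_BASE = "http://10.75.32.3"
PORTALS = {
    "guest": "guestlogin.php",
    "employee": "employeelogin.php",
    "instant-guest1-1": "guestlogin.php",  # constructed mapping
}

# Six hex pairs with one consistent separator (":", "-", or none).
_MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([:-]?)(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")


def normalize_mac(mac):
    """Return the MAC as lowercase colon-separated hex, or None if malformed."""
    if not isinstance(mac, str) or not _MAC_RE.fullmatch(mac.strip()):
        return None
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def portal_redirect(essid, mac=None):
    """Pick the final login URL for an SSID; None means 'do not redirect'.

    The SSID must equal an allowlist key exactly (no prefix or
    case-insensitive matching), so an unexpected value never selects a page.
    The optional MAC is forwarded only if it parses as a MAC address.
    """
    page = PORTALS.get(essid)
    if page is None:
        return None
    url = f"{PORTAL_BASE}/{page}"
    clean = normalize_mac(mac) if mac is not None else None
    if clean:
        url += "?" + urlencode({"mac": clean})
    return url
```

An SSID that matches no entry returns None, which corresponds to the template case where neither {if} block fires and no redirect is emitted.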

     



  • 3.  RE: Different captive portal for each SSID?

    Posted Sep 04, 2013 07:13 AM

    Hi Seth,

     

    That looks to be exactly what I need.  I'll get a new guest self-registration page created for the redirect.php and do some testing.

     

    Thanks

     

    tharg



  • 4.  RE: Different captive portal for each SSID?

    Posted Sep 04, 2013 09:13 AM

    Tried out the solution suggested by Seth and it does exactly what I'd hoped, once I realised that spaces as well as dashes in the SSID name require quotes.

     

    Thanks

     

    tharg