Security

Reply
Occasional Contributor II
Posts: 18
Registered: ‎06-13-2013

Different captive portal for each SSID?

We have a wireless network with 19 IAPs (a mix of 105 and 135) and ClearPass Policy Manger/Guest.

 

Currently there is a single SSID with external captive portal from the CPPM Guest for guest self registration.

 
We would like to create another SSID pointing to a different captive portal, but on the virtual controller the external portal url seems to be a global setting that effects all SSIDs using a captive portal.

 

We need SSIDs for 2 business units in the same building that display different corporate branding in the portal.

 

Am I missing something on the virtual controller or is this a CPPM Guest issue?

 

Thanks

 

tharg

Aruba
Posts: 1,377
Registered: ‎12-12-2011

Re: Different captive portal for each SSID?

Well...there is a way with using a redirect initial page withing ClearPass Guest.  In instant alone, as of today, there is only one captive portal.

 

See the how-to below:

 

This functionality is achieved by pointing Instant to a "redirect" Captive Portal on CP Guest (redirect.php). This redirect page simply looks at the presented SSID (essid), then forwards the user onto the appropriate final login page.

 

For this example, we will use two SSIDs : guest (guestlogin.php) and employee (employeelogin.php).

 

ClearPass Guest Config

  • Create the initial redirect page (redirect.php in this example)
  • Add the following HTML code into the Header HTML section
  • Note that if your SSID contains dashes for example, make sure to put quotations around the SSID name, like this: {if $essid eq "instant-guest1-1"}

{if $essid eq guest}
<meta http-equiv="refresh"
content="0;url=http://10.75.32.3/guestlogin.php?mac={$mac}"/>
{/if}

{if $essid eq employee}
<meta http-equiv="refresh"
content="0;url=http://10.75.32.3/employeelogin.php?mac={$mac}"/>
{/if}

  • ?mac={$mac} is added to the end so that the MAC address presented to the initial redirect.php, is passed to the final login page. This is optional, depending if the customer wants visibility of the user's MAC address.  
    • Other attributes can be included, as needed. 

 

Here is a screenshot of the Login Page section of the redirect.php Web Login: 

800px-Cpginstantredirect.png

 

The guestlogin and employeelogin will be configured as required. 

 

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor II
Posts: 18
Registered: ‎06-13-2013

Re: Different captive portal for each SSID?

Hi Seth,

 

That looks to be exactly what I need.  I'll get a new guest self-registration page created for the reidrect.php and do some testing.

 

Thanks

 

tharg

Occasional Contributor II
Posts: 18
Registered: ‎06-13-2013

Re: Different captive portal for each SSID?

Tried out the solution suggested by Seth and it does exactly what I'd hoped.  Once i realised that spaces as well as dashes in the SSID name require quotes.

 

Thanks

 

tharg

Search Airheads
Showing results for 
Search instead for 
Did you mean: