Security

Reply
New Contributor
Posts: 4
Registered: ‎01-30-2017

Iap and cppm, a single ssid with different authentication pages by circumstance (time)

Hello,
I have a demo platform for a solution made up of iap and cppm 6.6.
The integration between both was made by raidus specific profile for platform Aruba, and everything works well up to that point.

The problem is how to make a single ssid, example: ssid: visits, can re-address or re-direct url using a self-service portal and deploy a web with specific settings up to a certain time of day, example: http: // ipaddcppm / guest / Abc.php; And after a specific time and date have elapsed, to display another registration page with another self-service + sponsor type configuration, for example: http: //ipaddcppm/guest/123.php

I could see for reference the following 2 cases attached:


http://community.arubanetworks.com/t5/Security/Cisco-URL-Redirect/td-p/202713

http://community.arubanetworks.com/t5/Security/Different-captive-portal-for-each-SSID/m-p/96149#M6761

For the first case I already tried almost all the options available in the radius profile to modify this variable, and I could not find the correct one. I find it hard to believe that for integration with cisco wlc, it is so easy to make a change in the destination url for registration, and that it is sorted from the radius server cppm; And that for the iap, there is no direct modification option, being sent from cppm.

For the second case, I do not know the configuration by php, which I understand is what is used, but I do not see how I can compare the time variable and make decision making through this information, to know which page should be presented.

Thanks for the prompt help and assistance with this case.

MVP
Posts: 3,020
Registered: ‎10-25-2011

Re: Iap and cppm, a single ssid with different authentication pages by circumstance (time)

Hello Yiosep like i was telling you on saturday try this

https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Time-Based-Guest-Registration/ta-p/246002

 

Maybe that is what you are looking for?

Let us know if that is

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
New Contributor
Posts: 4
Registered: ‎01-30-2017

Re: Iap and cppm, a single ssid with different authentication pages by circumstance (time)

hi cdelarosa,

Thank you very much for the help information, correct answer ;)

MVP
Posts: 520
Registered: ‎05-11-2011

Re: Iap and cppm, a single ssid with different authentication pages by circumstance (time)

[ Edited ]

While that solution works, it's an old-school way (as in Amigopod) of doing that instead of using the CPPM functionality.

 

Build your guest solution using MAB, server-sided login method that return role during mac-auth, which enforce different roles with different captive-portals. This way you have one way to do everything instead of smarty-code hidden within one or more portals.

 

Besides - doing guest using server-sided login is something you already should be doing to avoid having public https certificates on your controller/iap's.

 

Example of the enforcement profile in the attached screenshot

Here you should also be able to use in_range 08:00:00,15:59:00, tho I haven't tried it

14.02.jpg


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Search Airheads
Showing results for 
Search instead for 
Did you mean: