Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

wifi-controler rules

This thread has been viewed 0 times

  • 1.  wifi-controler rules

    Posted Dec 06, 2011 09:05 AM

    I have creed a guest_20M  account on the controler for a user  with 20m download but the controler get the deault guest role

    on aruba controler creed a guest_20M  account but the user is always login in the default guest account



  • 2.  RE: wifi-controler rules

    EMPLOYEE
    Posted Dec 06, 2011 11:09 AM
    @epianon wrote:

    I have creed a guest_20M  account on the controler for a user  with 20m download but the controler get the deault guest role

    on aruba controler creed a guest_20M  account but the user is always login in the default guest account

    So you need to do one of two things. Either change the default guest role to your new guest_20M (this all depends on how your authitication is done: internal DB, RADIUS, etc), or set the bandwidth limit on the "guest" role.



  • 3.  RE: wifi-controler rules

    Posted Dec 06, 2011 01:57 PM
    It's not possible to change the default guest rules then this is just for the
    Guest with a up-download 512kb , and the guest_20mb is for an special
    Guest with an up-download for 20 MB , with a login and pw in the internal
    DB
    The goal is that the special guest gets a faster internet connection


  • 4.  RE: wifi-controler rules

    EMPLOYEE
    Posted Dec 06, 2011 02:00 PM

    Just change the role on the Internal DB user accounts to that new role you created. Then when they login, they should get that guest_20mb role.



  • 5.  RE: wifi-controler rules

    Posted Dec 06, 2011 02:06 PM
    That what i have done , but when the spetial guest enter his login and pw he
    Is going in the default guest role and not in the guest roles guest_20M


  • 6.  RE: wifi-controler rules

    EMPLOYEE
    Posted Dec 06, 2011 02:44 PM

    Please run the following command and post the output (this assumes you are doing captive portal for guest access):

     

    #show aaa authentication captive-portal Your-CP-Profile-Name-Here

     

     

    "Guest Login" should be Disabled in this profile. If this is enabled, it allows guests to login without authentication.



  • 7.  RE: wifi-controler rules

    Posted Dec 07, 2011 02:40 AM

     

    Guest Login is disable



  • 8.  RE: wifi-controler rules

    MVP
    Posted Dec 07, 2011 08:18 AM

    Does the role configured for a user in the internal database always gets preference over the default role configured in the captive portal profile when using the internal dbase for the authentication?

     

    Because that's what's happening.. the default role from the CP-profile (guest) is getting applied to the user instead of the user-role (guest_20M) configured for the user in it's internal dbase record.

     

     

     

    (Aruba3600) #show local-userdb       


User Summary
------------
Name       Password  Role         E-Mail  Enabled  Expiry  Status  Sponsor-Name  Remote-IP  Grantor-Name
----       --------  ----         ------  -------  ------  ------  ------------  ---------  ------------
guest4825  xpkt0955  guest_20M            Yes              Active                0.0.0.0    admin

User Entries: 1

(Aruba3600) #show aaa authentication captive-portal default

Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter                                     Value
---------                                     -----
Default Role                                  guest
    Default Guest Role                         blocked

     



  • 9.  RE: wifi-controler rules

    Posted Dec 07, 2011 10:18 AM

    the default guest role is guest , how to change it 



  • 10.  RE: wifi-controler rules

    MVP
    Posted Dec 07, 2011 10:42 AM

    To change the default role simply change it in the captive-portal profile (Configuration > Security > Authentication > L3 Authentication > Captive Portal Authentication Profile) and change the Default Role of the captive portal which role you want to change.

     

    Or in CLI:

    (Aruba) #show aaa authentication captive-portal

Captive Portal Authentication Profile List
------------------------------------------
Name                            References  Profile Status
----                            ----------  --------------
default                         0                   
test-cp_prof                    1           


(Aruba) #show aaa authentication captive-portal test-cp_prof

(Hepcut-Master) #configure terminal 
Enter Configuration commands, one per line. End with CNTL/Z

(config) #aaa authentication captive-portal test-cp_prof default-role ?
<default-role>          Assign default role


  • 11.  RE: wifi-controler rules

    Posted Dec 07, 2011 11:11 AM

    i have change the default role to guest_20m but the customer get's always the default guest role

     

    wifi1.png

     

    wifi2.png

     

     



  • 12.  RE: wifi-controler rules

    MVP
    Posted Dec 07, 2011 11:26 AM

    You're looking at the default CP-profile while I'm willing to bet your customer is using the other CP-profile in your screenshot :smileywink:

     

    To see which CP-profile is actualy used drill down from the used AP-group (via Configuration > AP Configuration) all the way till you see the aaa-profile used. In this aaa-profile see what initial role is used.

    Now look up that role in Configuration > Access Control. 'Edit' that role to see what is configured. Scroll down till you can see the Captive Portal Profile attached to it.

     

    Now go back to edit this  captive-portal-profile its default role (Configuration > Authentication > L3 Authentication > Captive Portal Authentication Profile).