Wireless Access

So, here I am, trying simply to attach my own captive-portal profile to a user-role in ArubaOS 8 but failing miserably. 

If someone could comment on where I'm going wrong, that would be appreciated. If this is simply not possible anymore, my next question will be: "WHY NOT?!".

 

So here's my very simple setup:

(ArubaMM-VA) [md] #show configuration node-hierarchy 

Default-node is not configured. Autopark is disabled.

Configuration node hierarchy
----------------------------
Config Node            Type    Name
-----------            ----    ----
/                      System  
/md                    System  
/md/00:1a:1e:11:11:11  Device  md2
/md/00:1a:1e:22:22:22  Device  md1
/mm                    System  
/mm/mynode             System  

I start with the default captive-portal profile, 

(md1) #      show running-config | beg "user-role guest-logon"
user-role guest-logon
    captive-portal "default"
    access-list session ra-guard
    access-list session clearpass-portal
    access-list session logon-control-guest
    access-list session captiveportal
    access-list session v6-logon-control
    access-list session captiveportal6
!

but want to change this to my own custom one to save on autogenerated profiles etc
I created guest_selfreg for this purpose:

md1) #show aaa authentication captive-portal 

Captive Portal Authentication Profile List
------------------------------------------
Name           References  Profile Status
----           ----------  --------------
default        1           
guest_selfreg  0           

And here is me trying to attach this captive-portal to the guest-logon role:

(ArubaMM-VA) [mynode] #cd /md 
(ArubaMM-VA) [md] #
(ArubaMM-VA) [md] #configure terminal user-role guest-logon
(ArubaMM-VA) [md] (config-submode)#captive-portal guest_selfreg
(ArubaMM-VA) [md] (config-submode)#write memory 

But, nothing seems to happen.

(md1) #      show running-config | beg "user-role guest-logon"
user-role guest-logon
    captive-portal "default"
    access-list session ra-guard
    access-list session clearpass-portal
    access-list session logon-control-guest
    access-list session captiveportal
    access-list session v6-logon-control
    access-list session captiveportal6
!

From the GUI I can't seem to get passed that captive-portal wizzard either.

 

So how to I apply my own captive-portal profile to the guest-logon role?

Shouldn't be that difficult right? So what am I missing?

See if this helps:

 

It can be a bit hard to find stuff specially if you been using Aruba for while.

Thank you. That does seem to be what i need. Will verify tomorrow.
Any idea what is wrong with my cli config though?
With 8.x I prefer CLI where possible as the GUI ... ugh. I wonder if I'll ever get used to it.
[Emerge]

What version are you running?

also make sure you run the “write memory” so the config is pushed to the MCs?

Running 8.2.0.1. Did my write memory's.

This is a simple setup so I added both controllers directly to the top level (managed networks) without any extra groups.

 

But wow, now I'm getting confused.

 

Checking the location you provided..  it already contained the guest_selfreg profile! These screenshots are for the managed network level but are identical for both md's.

 

 Am I the only one that finds this VERY confusing? You set a custom profile but its contents is not showed in the rest of the pages?!

 

 

 

CLI however gives me something else.

 

md1:

(md1) #show running-config | begin "user-role guest-logon"
Building Configuration...
user-role guest-logon
    captive-portal "default"
    access-list session ra-guard
...

md2:

(md2) #show running-config | begin "user-role guest-logon"
Building Configuration...
user-role guest-logon
    captive-portal "guest_selfreg"
    access-list session ra-guard
...

So to summarize.

md2 did get the correct config pushed.

md1 didn't.

in every view of the GUI (managed network, md1 and md2) the profile shows as being set.

In every view of the GUI the advanced view - captive portal still thinks I have no servers configured and using an internal portal.

Ok, scratch that first screenshot.

 

I just checked my guest_selfreg profile and configuring this before Clearpass was set up I didn't actualy change the login-page from its default '/auth/index.html'. 

After changing this to an actual url the GUI correctly interpretes that it is fact dealing with an external captive portal. 

Pretty logical in fact

 

But I still have the issue where (only in CLI) controller md1 is still using the default captiveportal profile where controller md2 is showing the correct profile.

(md1) #show rights guest-logon
...
 Captive Portal profile = default

(md2) #show rights guest-logon
...
 Captive Portal profile = guest_selfreg

Now lets get an AP up and check what its actualy outputting. I'll get back to you with that.

 

 

Grrr/ Not too happy with this release.

 

After getting the AP up suddenly all my licenses disappeared so nomore active APs. Seems the OS passphrase changed somehow and invalidated all the licenses.  ArubaOS 8 apparently actively reboots APs without licenses so I noticed straight away.

I sure hope this doesn't happen when it's in actual production though.

 

About the captive portal profile.. pretty darn buggy as well.

After creating and applying a test profile both GUi and CLI on all levels displayed the correct config. Changing it back to my previously created guest_selfreg profile seemed to work correct on all levels too.

However, doing a show reference of said profiles now show all 3 in use.. even though I don't have 3 captive portals to use them in.