Wireless Access

Reply
Frequent Contributor II
Posts: 144
Registered: ‎01-21-2015

Authentication on DMZ controller for guest users

I have followed this http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468  docs to configure DMZ for guest controller,

Here we are using master controller as auth server. Is there a way we can use DMZ controller as auth server ?

 

rana
Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: Authentication on DMZ controller for guest users

I cannot open that link.  You can make the DMZ controller do the authentication by making that side of the tunnel untrusted.  The benefit of making the controller that the AP terminates on authenticate the user is that the association and authentication table will have to user on the correct AP, authenticated with the correct name.  If you have the DMZ controller authenticate users, you cannot really track what AP that user is on.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 144
Registered: ‎01-21-2015

Re: Authentication on DMZ controller for guest users

Ok, is there anything else required, means any policy or something.
Or I just need to make the tunnel untrusted.

Sent from Outlook Mail for Windows 10 phone
rana
Guru Elite
Posts: 21,010
Registered: ‎03-29-2007

Re: Authentication on DMZ controller for guest users

Any users that pass through the "untrusted" side of the tunnel will end up in the logon role on the DMZ controller.  That means you need to create a captive portal authentication profile and edit the "logon" role to have that captive portal authentication profile on the DMZ controller.

 

Please see the post here:  http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-redirect-guest-access-across-a-GRE-tunnel-to-a-DMZ/ta-p/183468

Start reading "Configure the DMZ Controller".  *The configuration for the DMZ controller has it natting the user traffic, but that is optional*



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: