Wireless Access

last person joined: 14 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captive Portal Passwords

This thread has been viewed 4 times

  • 1.  Captive Portal Passwords

    Posted Aug 19, 2014 05:03 AM

    Hello,

     

    I have a screnario at a school which the students are given access to the WiFi network using Captiv portal, please find the below details:

     

    - Controller 3400

    - Most APs are 105 and 93

    - Captive portal users are created manually by the IT team

     

    It is required that students have the ability to reset their passwords through web without getting back to IT department again, also each student is allowed to login using one device only and should logout before log in using another device.

     

    Is the above mentioned requirements achievable, if so how is it configured on the controller.

     

     


    #3400


  • 2.  RE: Captive Portal Passwords

    Posted Aug 19, 2014 06:28 AM
    Not possible to reset the password using the controller captive portal


  • 3.  RE: Captive Portal Passwords

    EMPLOYEE
    Posted Aug 19, 2014 09:03 AM

    You should really consider Clearpass guest for these requirements.  Not only can students self-register but they can also have complete control with a self-service portal for resetting passwords, etc...

     

    In addition, you can write policy to limit the amount of devices per account as well as cache the MAC address so that for the duration of the account's validity, the student wouldn't have to re-login to the captive portal.  

     

    Finally, in 6.4, Clearpass can even notify the student when the account will expire.



  • 4.  RE: Captive Portal Passwords

    Posted Aug 19, 2014 09:16 AM

    I guesse clearpass is the only solution, i was hoping there would be a work around...

     

    Is there any guide on how to configure a poilicy to limit the number of devices per account ?

    Also how would the user log out in order to use another device ? or just simply disconnecting from the SSID would be considered as logout





  • 5.  RE: Captive Portal Passwords

    EMPLOYEE
    Posted Aug 19, 2014 09:35 AM

    In Clearpass, when you walk through the service templates ("start here" under configuration), there is a section which asks how many devices per guest.

     

    Screenshot 2014-08-19 09.33.47.png



  • 6.  RE: Captive Portal Passwords

    Posted Aug 19, 2014 12:10 PM

    Oh.. seems i miss understood you, so limiting the number of devices per user also needs clearpass as well

     

    There is no way it can be done using the controller firewall ?



  • 7.  RE: Captive Portal Passwords
    Best Answer

    EMPLOYEE
    Posted Aug 19, 2014 12:12 PM
    No, you need a RADIUS server that can utilize RADIUS accounting.


  • 8.  RE: Captive Portal Passwords

    EMPLOYEE
    Posted Aug 19, 2014 12:21 PM

    Another option if you're using AOS 6.4.x+, and you want to limit the account to one device, you can use the "Allow only one active user session" in the captive portal profile.

     

    "If you do not want multiple guest users to share the same guest account concurrently, navigate to the Captive Portal Authentication and select the “Allow only one active user session” option. If a guest user authenticates successfully but the controller detects there is already a guest session with the same guest username, the second login is rejected."

     captive-one-active-user-session.png