Wireless Access

Reply
Contributor I
Posts: 21
Registered: ‎01-10-2013

Captive portal authentication and mobility between controllers

In my current environment, we are operating in a master/standby configuration.  For the guest wireless, we use a captive portal authentication method.  Since all APs are connected to the master controller, when a user moves from AP to AP, there are no issues with authentication.

 

We are going to move to a Master/Local1/Local2 controller configuration where some APs will be connected to the Local1 controller and other APs will be connected to the Local2 controller.  My question involves this scenario.

 

1: User is associated with AP1 which is connected to controller Local1.

2: User authenticates to the captive portal.  Local1 knows that user is authenticated.

3: User moves to a different location and asosciates with AP2 which is conencted to controller Local2.

 

Question is, does controller Local2 know that the user has already authenticated via the captive portal, or will the user be requred to authenticate again?  Does the master controller keep track of authenticated users?

 

FYI, all the controllers will be layer2 adjacent on all VLANs

 

Thanks,

Robert

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: Captive portal authentication and mobility between controllers

I think you need to configure a mobility domain to accomplish this. You can read detailed instructions and examples in the 6.2 User Guider under Chapter 28 IP Mobility.

Guru Elite
Posts: 21,539
Registered: ‎03-29-2007

Re: Captive portal authentication and mobility between controllers


rluechtefeld wrote:

In my current environment, we are operating in a master/standby configuration.  For the guest wireless, we use a captive portal authentication method.  Since all APs are connected to the master controller, when a user moves from AP to AP, there are no issues with authentication.

 

We are going to move to a Master/Local1/Local2 controller configuration where some APs will be connected to the Local1 controller and other APs will be connected to the Local2 controller.  My question involves this scenario.

 

1: User is associated with AP1 which is connected to controller Local1.

2: User authenticates to the captive portal.  Local1 knows that user is authenticated.

3: User moves to a different location and asosciates with AP2 which is conencted to controller Local2.

 

Question is, does controller Local2 know that the user has already authenticated via the captive portal, or will the user be requred to authenticate again?  Does the master controller keep track of authenticated users?

 

FYI, all the controllers will be layer2 adjacent on all VLANs

 

Thanks,

Robert


- User will be required to authenticated again

- Master Controller does not keep track of authenticated users.

 

The best plan is to make APs on Master/local/local2 controllers geographically separate so that there is no expectation for roaming.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II
Posts: 114
Registered: ‎12-02-2011

Re: Captive portal authentication and mobility between controllers


cjoseph wrote:

rluechtefeld wrote:

In my current environment, we are operating in a master/standby configuration.  For the guest wireless, we use a captive portal authentication method.  Since all APs are connected to the master controller, when a user moves from AP to AP, there are no issues with authentication.

 

We are going to move to a Master/Local1/Local2 controller configuration where some APs will be connected to the Local1 controller and other APs will be connected to the Local2 controller.  My question involves this scenario.

 

1: User is associated with AP1 which is connected to controller Local1.

2: User authenticates to the captive portal.  Local1 knows that user is authenticated.

3: User moves to a different location and asosciates with AP2 which is conencted to controller Local2.

 

Question is, does controller Local2 know that the user has already authenticated via the captive portal, or will the user be requred to authenticate again?  Does the master controller keep track of authenticated users?

 

FYI, all the controllers will be layer2 adjacent on all VLANs

 

Thanks,

Robert


- User will be required to authenticated again

- Master Controller does not keep track of authenticated users.

 

The best plan is to make APs on Master/local/local2 controllers geographically separate so that there is no expectation for roaming.

 


L3 mobility is not good for this?

Moderator
Posts: 948
Registered: ‎07-29-2010

Re: Captive portal authentication and mobility between controllers

Hi

 

As far as I know, L3 mobility doesn´t have anything to do with authentication but with IP address mobility.

 

regards

 

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Contributor I
Posts: 21
Registered: ‎01-10-2013

Re: Captive portal authentication and mobility between controllers

Thanks CJoseph.  I thought that would be the case, but just wanted to verify.  I was certainly hoping it would work the other way.  It will be close as to whether all the APs in our campus environment can be supported on 1 controller.

Guru Elite
Posts: 21,539
Registered: ‎03-29-2007

Re: Captive portal authentication and mobility between controllers

If your devices do 802.1x, the majority if your problems going away since you will be bridging the clients to the same WLAN.  The client will automatically roam/reconnect with the same ip address.

 

Captive Portal you will have to authenticate again.

 

This is an even better reason to move to 802.1x.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: