Wireless Access

Reply
Occasional Contributor II

External Captive portal on the Controller

Hello,

I m trying to setup External Captive Portal on  my aruba controller ..External captive portal sends a wellcome page after succes auth..This wellcome page includes a text( for example "authenticated" )  , Controller should be parse this wellcome page and find  this text then assign authenticated role to user..I could not find Where can I define "authentication text" on my controller.What is your recommendation? Which other methods do you recommend to use for  External captive portal on controller..Do I have to use other methods ( xml-api, amigopod ,etc. )   

By the way,  I can define the authentication text in the Instant AP..

 

Aruba controller 620, Aruba OS ArubaOS_6xx_6.1.2.5_31229

 

Thanks,


Aruba Employee

Re: External Captive portal on the Controller

for external captive portal to work, the external entity has to indicate a message to the controller on the change of role (authentication status).

 

Yes amigopod/xml-api is the popular and supported ways for external captive portal authentication.

Do you already have an external captive portal server (other then amigopod) ?

 

 

 

Occasional Contributor II

Re: External Captive portal on the Controller

Dear Harsha,

Yes our customer is using a own external captive portal.This captive portal is not a commercial or open source application..They develop a web application run as captive portal.

Is controller  able to parse wellcome html page returned by external captive portal and find specfied text..

I think controller 

Actually We want to use internal captive portal, but our Customer didnt accept PAP auth between controller and IAS radius.. 

Thanks,

 

Aruba Employee

Re: External Captive portal on the Controller

no the controller doesnt parse the welcome page in the way its expected.

 

Why dont you try setting up IPSec between controller and Radius server, which would provide security

- unless the sec-ops team of the customer barrs the PAP usage, the IPSec can provide security

 

 

 

 

Occasional Contributor II

Re: External Captive portal on the Controller

Hello Harsha, Thanks for good recommendation.. I captured data between controller and radius with wireshark, I investigated the capture data on Windows 2008 radius , So password seems as encrypted in data..But I know that password is clear text for PAP auth.. Im confused.. Wireshark data --> t=User-Password(2): Encrypted I think password is encrypted between controller and radius server with Radius shared key.. What is your comment? Thanks,
Aruba Employee

Re: External Captive portal on the Controller

Yes it is protected by a radius shared secret. Hence you are not able to see in clear.

- but you should never rely on shared secret security

 

Occasional Contributor II

Re: External Captive portal on the Controller

Thanks,,

Happy new year..

Occasional Contributor II

Re: External Captive portal on the Controller

Hi Harsha,
 

  

for external captive portal to work, the external entity has to indicate a message to the controller on the change of role (authentication status)


Excuse me for my question again..So Our customer wait a solution..

I have no idea about relation between controller and external CP ( except any external CP in gw mode, amigopod ) 

How can I provide ,   the external captive portal indicate a message to the controller, 

user login and guest login are disabled on captive portal profile.So authentication will be made by External captive portal..So How External CP turn a response to the controller? 


Do I have to also provide establishing a communacation  between NAS(controller) and radius server. Because we need a response from Radius to change the role..


If our customer dont want to use amigopod and has own captive portal app, What should be  the relation between components( external captive portal, raidus server, controller ).

Thanks,

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: