Wireless Access

Hello,

Just wondering if someone could help with some work I am looking to begin in the coming weeks.

First some background. I have 14 sites and each site has two networks; Corporate (20.x.0.0/16) and Guest Internet (192.168.x.0/24). I currently have two SSIDs that are broadcasting the above networks.

The Corporate SSID has standard WPA2 authentication whereas the Guest Internet SSID thus far has the default splash page with no authentication mechanism.

I am using AirWave to manage all the AP-215s we have across all sites.

What I am looking to do is to place a RADUIS server in the public DMZ of our datacenter so that all the Guest Internet links are able to reach it. I am then wanting to amend the default splash page so that it forces users of the Guest Internet service to either create an account or to log in with an existing one so that I can keep some sort of audit on who is using the service and when.

I was wondering if this is is a) actually possible to do in AirWave and b) if someone has already done something similar and can provide some information/links on how to achieve what I want.

Please be as basic as you feel you need to be with your replies, I have has no exposure to RADIUS or how to set it up but can tap an in house resource to assist with any web coding as required.

Cheers,

Indy

Hi Colin,

Thanks for the reply, I was looking at ClearPass too however I'm not sure I will get the necessary funding for it so was looking to see what I could do with just this.

I have however found the following fields on AirWave by going to the guest SSID then the Security section and selecting Internal - Authenticated: (apologies for the dodgy formatting)

• New Auth Server

Would this mean that I can do a cut down version of what I need to with AirWave without having the extra functionality that ClearPass offers?

Cheers,

Indy

Indy,

Could you share the screen shots from Airwave to better understand.

Regards,

Pavan

Hi Pavan,

This picture shows the main settings when I select Internal - Authenticated:

When I then click on New next to Authentication Server 1 it brings up the following sections:

If you need more screenshots please let me know.

Cheers,

Indy

It looks you are managing VCs from Airwave, we could configure the Guest network and set what type of page client could redirect and type of auth he need to do and click Apply to push the configuration to VCs.

Regards,

Pavan

If my post addresses your query give kudos:)

Hi Pavan,

Thats sounds promising, are you able to provide me with some instructions or a link to a guide/video that I could work from?

Cheers,

Indy

Indy,

From your original question:

What I am looking to do is to place a RADIUS server in the public DMZ of our datacenter so that all the Guest Internet links are able to reach it. I am then wanting to amend the default splash page so that it forces users of the Guest Internet service to either create an account or to log in with an existing one so that I can keep some sort of audit on who is using the service and when.

This is pretty much what ClearPass does, and you can use Airwave to push the external captive portal configuration to your Instant APs, so they work together with ClearPass. If you don't have ClearPass you will need to build the registration functionality yourself and offer both a captive-portal server (web/https) that is reachable from the guest client devices and can handle the registration part, and a RADIUS server that is reachable from the Instant management network that can do the authentication.

Building this functionality yourself is far from obvious.

What you can consider is moving from Airwave to Aruba Central for Cloud-based management which includes a guest module with the features you describe. Both the RADIUS and the Captive Portal run in the cloud in that case.