Wireless Access

Reply
New Contributor
Posts: 4
Registered: ‎04-25-2016

Guest WiFi Captive Portal with RADIUS Authentication on AirWave

Hello,

 

Just wondering if someone could help with some work I am looking to begin in the coming weeks.

 

First some background. I have 14 sites and each site has two networks; Corporate (20.x.0.0/16) and Guest Internet (192.168.x.0/24). I currently have two SSIDs that are broadcasting the above networks.

 

The Corporate SSID has standard WPA2 authentication whereas the Guest Internet SSID thus far has the default splash page with no authentication mechanism.

 

I am using AirWave to manage all the AP-215s we have across all sites.

 

What I am looking to do is to place a RADUIS server in the public DMZ of our datacenter so that all the Guest Internet links are able to reach it. I am then wanting to amend the default splash page so that it forces users of the Guest Internet service to either create an account or to log in with an existing one so that I can keep some sort of audit on who is using the service and when.

 

I was wondering if this is is a) actually possible to do in AirWave and b) if someone has already done something similar and can provide some information/links on how to achieve what I want.

 

Please be as basic as you feel you need to be with your replies, I have has no exposure to RADIUS or how to set it up but can tap an in house resource to assist with any web coding as required.

 

Cheers,

Indy

Guru Elite
Posts: 21,561
Registered: ‎03-29-2007

Re: Guest WiFi Captive Portal with RADIUS Authentication on AirWave

Airwave cannot do authentication. A policy engine like ClearPass would be what you are looking for:
http://www.arubanetworks.com/products/security/network-access-control/?source=sem&gclid=Cj0KEQjw-ezKBRCGwqyK0rHzmvkBEiQAu-_-LKt1h2EzZ7QHqZcFFPMUnndJ4f16HLkdQ1dh4JBhY40aAsHY8P8HAQ


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎04-25-2016

Re: Guest WiFi Captive Portal with RADIUS Authentication on AirWave

Hi Colin,

 

Thanks for the reply, I was looking at ClearPass too however I'm not sure I will get the necessary funding for it so was looking to see what I could do with just this.

 

I have however found the following fields on AirWave by going to the guest SSID then the Security section and selecting Internal - Authenticated: (apologies for the dodgy formatting)

 

  • New Auth Server
  • RADIUS
  • LDAP
  • CoA only
Name:
Server address:
RadSec:
  • Enable
  • Disable
Auth port:
Accounting port:
Shared key:
Retype key:
Timeout:sec.
Retry count:
RFC 3576:
NAS IP address:(optional)
NAS identifier:(optional)
Dead time:min.
DRP IP:
DRP Mask:
DRP VLAN:
DRP Gateway: 

 

Would this mean that I can do a cut down version of what I need to with AirWave without having the extra functionality that ClearPass offers?

 

Cheers,

Indy

Aruba Employee
Posts: 513
Registered: ‎02-19-2015

Re: Guest WiFi Captive Portal with RADIUS Authentication on AirWave

Indy,

 

Could you share the screen shots from Airwave to better understand.

 

Regards,

Pavan

New Contributor
Posts: 4
Registered: ‎04-25-2016

Re: Guest WiFi Captive Portal with RADIUS Authentication on AirWave

[ Edited ]

Hi Pavan,

 

This picture shows the main settings when I select Internal - Authenticated:

 1.png

 

When I then click on New next to Authentication Server 1 it brings up the following sections:

2.png3.png 

If you need more screenshots please let me know.

 

Cheers,

Indy

Aruba Employee
Posts: 513
Registered: ‎02-19-2015

Re: Guest WiFi Captive Portal with RADIUS Authentication on AirWave

It looks you are managing VCs from Airwave, we could configure the Guest network and set what type of page client could redirect and type of auth he need to do and click Apply to push the configuration to VCs.

 

Regards,

Pavan

 

If my post addresses your query give kudos:)

New Contributor
Posts: 4
Registered: ‎04-25-2016

Re: Guest WiFi Captive Portal with RADIUS Authentication on AirWave

Hi Pavan,

 

Thats sounds promising, are you able to provide me with some instructions or a link to a guide/video that I could work from?

 

Cheers,

Indy

MVP
Posts: 554
Registered: ‎11-04-2011

Re: Guest WiFi Captive Portal with RADIUS Authentication on AirWave

Indy,

 

From your original question:

What I am looking to do is to place a RADIUS server in the public DMZ of our datacenter so that all the Guest Internet links are able to reach it. I am then wanting to amend the default splash page so that it forces users of the Guest Internet service to either create an account or to log in with an existing one so that I can keep some sort of audit on who is using the service and when.

This is pretty much what ClearPass does, and you can use Airwave to push the external captive portal configuration to your Instant APs, so they work together with ClearPass. If you don't have ClearPass you will need to build the registration functionality yourself and offer both a captive-portal server (web/https) that is reachable from the guest client devices and can handle the registration part, and a RADIUS server that is reachable from the Instant management network that can do the authentication.

 

Building this functionality yourself is far from obvious.

 

What you can consider is moving from Airwave to Aruba Central for Cloud-based management which includes a guest module with the features you describe. Both the RADIUS and the Captive Portal run in the cloud in that case.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: