Wireless Access

Occasional Contributor II

Guest Wireless to Bypass Captive Portal Options

Wondered what was the best practice to have a Single Guest Wireless SSID to handle most guest users via Captive Portal but some guest users to be handled by MAC Address.  The same controller does handle an Employee Wireless SSID using 802.1x authentication.  Looking mostly to handle vendors that are at our location for months and only need internet access to not have to authenticate daily via Captive Portal but for everyone else that is just passing through to authenticate via Captive Portal.  Currently running Aruba OS


I had initially thought of using MAC Authentication which would give me the option to expire the MAC address after awhile but of course that requires a bit of setup.  I did see mention of using a UDR to set the role based on MAC but wondered if that would only be leveraged for the Guest SSID or would that be leveraged for both the Guest SSID and Eployee SSID?  I assume the UDR would require manual removal and couldn't have a set expiration date?

Guru Elite

Re: Guest Wireless to Bypass Captive Portal Options

The UDR would require no setup beyond writing the UDR and adding it to the AAA profile.  You would have to remove the UDR rule manually when they are done.  That is the simplest way to add and remove it.  If your AAA profile is only applied to your Guest SSID/VAP , the UDR would only be applied to that SSID.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Occasional Contributor II

Re: Guest Wireless to Bypass Captive Portal Options

That certainly sounds like a quick and easy setup had missed the part of how it was linked to the captive poral so that clears up my understanding of things. 


One question are there any plans in future releases to provide a method to expire the rule in an automated fashion?

Guru Elite

Re: Guest Wireless to Bypass Captive Portal Options

You would need a policy server like ClearPass for that kind of granularity.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: