Wireless Access

Reply
Occasional Contributor II
Posts: 42
Registered: ‎06-25-2013

Guest Wireless to Bypass Captive Portal Options

Wondered what was the best practice to have a Single Guest Wireless SSID to handle most guest users via Captive Portal but some guest users to be handled by MAC Address.  The same controller does handle an Employee Wireless SSID using 802.1x authentication.  Looking mostly to handle vendors that are at our location for months and only need internet access to not have to authenticate daily via Captive Portal but for everyone else that is just passing through to authenticate via Captive Portal.  Currently running Aruba OS 6.4.2.4.

 

I had initially thought of using MAC Authentication which would give me the option to expire the MAC address after awhile but of course that requires a bit of setup.  I did see mention of using a UDR to set the role based on MAC but wondered if that would only be leveraged for the Guest SSID or would that be leveraged for both the Guest SSID and Eployee SSID?  I assume the UDR would require manual removal and couldn't have a set expiration date?

Guru Elite
Posts: 21,018
Registered: ‎03-29-2007

Re: Guest Wireless to Bypass Captive Portal Options

The UDR would require no setup beyond writing the UDR and adding it to the AAA profile.  You would have to remove the UDR rule manually when they are done.  That is the simplest way to add and remove it.  If your AAA profile is only applied to your Guest SSID/VAP , the UDR would only be applied to that SSID.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 42
Registered: ‎06-25-2013

Re: Guest Wireless to Bypass Captive Portal Options

That certainly sounds like a quick and easy setup had missed the part of how it was linked to the captive poral so that clears up my understanding of things. 

 

One question are there any plans in future releases to provide a method to expire the rule in an automated fashion?

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: Guest Wireless to Bypass Captive Portal Options

You would need a policy server like ClearPass for that kind of granularity.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: