Occasional Contributor II

Mobility Controller Internal DB for Guest Provisioning Question

Hello!

I've been a long-time reader of Airheads, looking forward to asking my own question :)

I'd like to create a small guest network, not for the public but for pre-approved guests who aren't in our Active Directory. Our corporate SSID uses Windows NPS to authenticate onto AD, but I've seen that you can populate an internal DB of users and use that for WPA2-Enterprise authentication. I've found the controller section where you can add the users manually.

My question is: I've seen that there is a self-service user administration role where you can create guest users via the web interface without access to the rest of the controller. Can this be used to populate the internal DB of guest users?

Hope that makes sense :)

Guru Elite

Re: Mobility Controller Internal DB for Guest Provisioning Question

It is called guest provisioning.  More details are here:  http://community.arubanetworks.com/t5/Validated-Reference-Design/Guest-Access-with-ArubaOS/ta-p/155602



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Mobility Controller Internal DB for Guest Provisioning Question

Thanks for the reply Colin, but once I've set up the guest via the guest-provisioning GUI administration role, can I then use these accounts for a WPA2-AES authenticated VAP?

From everything I've read, these guest users can only be used via the internal captive portal, which I don't want.

Thanks again for your time.

Guru Elite

Re: Mobility Controller Internal DB for Guest Provisioning Question

You can, but you need to set up a separate WPA2 enterprise SSID that has termination (controller certificate used as the server certificate), with the internal database as the server.

Again, the only way that you can use users set up in the internal database for WPA2 enterprise is to use termination.



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: Mobility Controller Internal DB for Guest Provisioning Question

Brilliant, thank you Colin. Is there any danger in using the controller's certificate on this secure guest network?

Guru Elite

Re: Mobility Controller Internal DB for Guest Provisioning Question

The purpose of the server certificate is to establish identity as well as secure the connection.  If you are using the controller's built-in certificate, it will not have your organization's identity, and some people might not trust it.  If you already have an internal CA, you should at least generate a CA that has your company's domain, so that users would have more confidence that they are not connecting to a rogue network.



Colin Joseph
Aruba Customer Engineering

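Added example, not part of the original thread and not Aruba's own configuration: a sketch of the setup described in the replies above, covering both the terminated WPA2-Enterprise SSID backed by the internal database and the use of an organization-issued server certificate instead of the built-in one. It assumes ArubaOS 6.x-style CLI syntax; every profile name, the ESSID, the VLAN and the certificate name are hypothetical, and the `!` lines are annotations for the reader, so check the commands against the CLI reference for your release.

```text
! Added example. All quoted names below are hypothetical placeholders.
!
! 802.1X profile with EAP termination on the controller (PEAP/MSCHAPv2).
! server-cert points at a certificate issued by your own CA and uploaded
! to the controller, so clients do not see the built-in default certificate.
aaa authentication dot1x "guest-dot1x-term"
   termination enable
   termination eap-type eap-peap
   termination inner-eap-type eap-mschapv2
   server-cert "guest-eap-cert"
!
! AAA profile that sends 802.1X authentication to the internal database
! (the predefined "internal" server group) and assigns the guest role.
aaa profile "guest-dot1x-aaa"
   authentication-dot1x "guest-dot1x-term"
   dot1x-server-group "internal"
   dot1x-default-role "guest"
!
! WPA2-AES (WPA2-Enterprise) SSID, kept separate from the corporate SSID.
wlan ssid-profile "guest-secure-ssid"
   essid "Guest-Secure"
   opmode wpa2-aes
!
! Virtual AP tying the SSID to the AAA profile. VLAN 60 is a constructed value.
wlan virtual-ap "guest-secure-vap"
   aaa-profile "guest-dot1x-aaa"
   ssid-profile "guest-secure-ssid"
   vlan 60
!
! Broadcast the virtual AP from the AP group that serves guests.
ap-group "default"
   virtual-ap "guest-secure-vap"
```

Clients should be configured to validate the server certificate against your CA and the expected server name, which is what makes a rogue AP presenting a different certificate detectable.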
