Configuring Mobility Access Switch (MAS) Captive Portal

By ckokstar posted Sep 17, 2014 05:17 PM


Configuring Mobility Access Switch (MAS) Captive Portal



Captive portal is an L3 authentication method supported by Mobility Access Switch. A captive portal presents a web page which requires user action before network access is granted. The required action can be simply viewing and agreeing to an acceptable use policy, entering Email ID, or entering a user ID and password which must be validated against a database of authorized users. The Mobility Access Switch supports both internal and external captive portals.


You can configure captive portal for guest users where no authentication is required, or for registered users who must be authenticated against an external authentication server or the Mobility Access Switch’s internal user database.  


Note: Captive portal is most often used for guest access, access to open systems (such as public hot spots), or as a way to connect to a VPN.


You can use captive portal for guest and registered users at the same time. The default captive portal web page provided with ArubaOS Mobility Access Switch displays login prompts only for registered users. The Mobility Access Switch supports the creation of 16 different customer login pages. The login page displayed is based on the AAA Profile applied to the port that the user is connected to. [1]


Platform Tested

Aruba Mobility Access Switch S2500 running AOS

ArubaOS version 7.2 or greater is required due to the use of the RFC 3576 Dynamic Authorization feature added in v7.2.  This feature allows the RADIUS server to dynamically send user disconnect and change-of- authorization messages to the NAS device (switch/controller).


Configuration Notes

This solution builds a configuration for Captive Portal authentication on the Mobility Access Switch.  The solution can be customized in the following ways:

  • The authentication server group that the Mobility Access Switch uses to validate the guest or registered users. The internal user database or an external authentication server may be used.
  • The captive portal page that the Mobility Access Switch will redirect unauthenticated users to. The internal captive portal page or an external captive portal page such as ClearPass Guest may be used.


No specific licenses required



[1] ArubaOS 7.2 User Guide