Wireless Access

 View Only
last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

ArubaOS 8 - Guest WLAN

This thread has been viewed 26 times

  • 1.  ArubaOS 8 - Guest WLAN

    Posted Jul 23, 2020 06:44 AM

    Hi Guys,

     

    My first post having been reading the useful airheads community articles recently.

     

    I have recently been testing 2x 7240XM in a cluster connecting to a MM-VA (running 8.6.0.2).  These are being tested with a view to replacing the current 2x 7204 running 6.5.1.9.  I have much of the setup working as expected but have a few questions:

     

    - Can a guest WLAN have a password setup to connect to the SSID and then the authentication page requesting username and password credentials? (The current controllers in place allow this but I have not managed to find how to do this on 8.6.0.2).

     

    - Can the guest provisioning portal be restricted to only be accessed by certain individuals? (Currently, as a RADIUS server is configured for employees to log in to the Employee SSID this means the guest provisioning portal is also allowing all employees to authenticate and log in and create users - I want to restrict this to say the IT department only.

     

    - When connecting to the Guest SSID, the redirect takes the user to a http://www.msftconnecttest.com/redirect?cmd=redirect&arubalp=12345 when connecting from a Windows machine only, suggesting a certificate error however this does not occur on iPhones, iPads etc. As iPhone, iPad users connect immediately I believe a certificate is not required however am happy to learn about this.

     

    Any help on the above is most appreciated.

     

    Kind regards,

    bc



  • 2.  RE: ArubaOS 8 - Guest WLAN

    MVP GURU
    Posted Jul 23, 2020 08:06 AM

    Have you tried using WPA2 personal with the PSK to connect, and then assigning a captive portal role upon joining. The captive portal role can then  be used to redirect the user to a web login, and depending on the user type, allow access via roles returned.

     

    For guest operators, are you using ClearPass? Or is all of this being done via internal captive portal?

     

    Aruba performs a man-in-the-middle approach to redirecting clients to a captive portal page. You may get this type of certificate error due.

     

     



  • 3.  RE: ArubaOS 8 - Guest WLAN

    Posted Jul 23, 2020 09:37 AM

    Hi Dustin,

     

    Thanks for the reply.

     

    We are not currently using clearpass although there are plans for it in the future so it's all being done by the internal portal for now.

     

    There doesn't seem to be the option to use WPA2 personal with PSK when configuring a Guest WLAN, see below:

    bc172f_0-1595511160845.png

    Am I missing something?

     

    With regards to the certificate error, i think your reply got cut mid-sentence, "You may get this type of certificate error due.." Could you kindly resend this?

     

    Many thanks,

    bc172f

     



  • 4.  RE: ArubaOS 8 - Guest WLAN

    Posted Jun 10, 2021 08:19 AM
    Hi,

     I have the same problem after upgrading a 7010 cluster from version 6.5. to 8.3, I had a ssid with PSK and captive portal and it no longer lets me do it, any solution?

    Thanks and regards

    ------------------------------
    Raul Garcia
    ------------------------------

    Original Message