Wireless Access

 View Only
last person joined: 2 days ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Internal Captive Portal

This thread has been viewed 18 times
  • 1.  Internal Captive Portal

    Posted Dec 30, 2021 07:13 AM
    Hi everyone,

    I'm working with a client who has:
    2 7210 Controllers (active/standby, no Mobility Master), version, AP and PEF licenses.
    We have configured a WLAN with Authentication with internal CaptivePortal. I have several doubts:

    1 - After authenticating with the assigned credentials, the client always falls into the default "guest" role.
    It was impossible to assign another role to the user, I tried to change the role by making the following settings:

    Path: Authentication > L3 Authentication > Captive Portal Authentication > "WlanName"
    a) Default role - assign new role
    b) User login - enable

    2 - By logging in with the guest-provisioning user it is possible to create new users,
    also there is the option to disable the client, but it has no effect: the client continues to browse, if you disable the wlan on the client side (on smarthphone) and he reconnects to the wlan he is again assigned the role of "guest" and continues to browse without problems.
    So the disable option has no effect.
    so what is the disable flag for?

    3 - By logging in with the guest-provisioning user is there a way to see the password of already created users?
    Is there a way to set the password length?

    4 - I can't set client logout. Is there an easy way to give the client the ability to log out?

    Could you give me support?

    Thanks for your help


  • 2.  RE: Internal Captive Portal

    Posted Jan 04, 2022 11:35 AM
    1) Try to change the default guest role there. That is role that is assigned when a guest logs in.
    2) The disable just disables the account, it does not disconnect existing users. If a client disconnects and returns within 5 minutes (think that is the default user timeout), it will just return in the existing role. You can disconnect the user 'forcefully' from the controller in a separate step, should be possible from the WebUI, but think from the cli: 'aaa user delete <ip>'; after that the client should be back in the captive portal and I would expect no longer able to login.
    3) Don't think you can read passwords from the guest provisioning user. If you have access to the controller CLI, you can do a 'encrypt disable' then 'show local-userdb-guest'.
    4) You can check the 'logout popup' option in the L3 authentication captive portal profile, however many devices block the popup these days. I don't see that feature used a lot.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

  • 3.  RE: Internal Captive Portal

    Posted Jan 04, 2022 01:36 PM

    Are you you enabled the use of PEF license
    Please check

    Johann Froehlich