Wireless Access

Hi everyone,

I'm working with a client who has:
2 7210 Controllers (active/standby, no Mobility Master), version 8.6.0.15, AP and PEF licenses.
We have configured a WLAN with Authentication with internal CaptivePortal. I have several doubts:

1 - After authenticating with the assigned credentials, the client always falls into the default "guest" role.
It was impossible to assign another role to the user, I tried to change the role by making the following settings:

Path: Authentication > L3 Authentication > Captive Portal Authentication > "WlanName"
a) Default role - assign new role
b) User login - enable

2 - By logging in with the guest-provisioning user it is possible to create new users,
also there is the option to disable the client, but it has no effect: the client continues to browse, if you disable the wlan on the client side (on smarthphone) and he reconnects to the wlan he is again assigned the role of "guest" and continues to browse without problems.
So the disable option has no effect.
so what is the disable flag for?

3 - By logging in with the guest-provisioning user is there a way to see the password of already created users?
Is there a way to set the password length?

4 - I can't set client logout. Is there an easy way to give the client the ability to log out?

Could you give me support?

Thanks for your help

------------------------------
C.
------------------------------

1) Try to change the default guest role there. That is role that is assigned when a guest logs in.
2) The disable just disables the account, it does not disconnect existing users. If a client disconnects and returns within 5 minutes (think that is the default user timeout), it will just return in the existing role. You can disconnect the user 'forcefully' from the controller in a separate step, should be possible from the WebUI, but think from the cli: 'aaa user delete <ip>'; after that the client should be back in the captive portal and I would expect no longer able to login.
3) Don't think you can read passwords from the guest provisioning user. If you have access to the controller CLI, you can do a 'encrypt disable' then 'show local-userdb-guest'.
4) You can check the 'logout popup' option in the L3 authentication captive portal profile, however many devices block the popup these days. I don't see that feature used a lot.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Dec 30, 2021 07:12 AM
From: Claudia Bolognino
Subject: Internal Captive Portal

Hi everyone,

I'm working with a client who has:
2 7210 Controllers (active/standby, no Mobility Master), version 8.6.0.15, AP and PEF licenses.
We have configured a WLAN with Authentication with internal CaptivePortal. I have several doubts:

1 - After authenticating with the assigned credentials, the client always falls into the default "guest" role.
It was impossible to assign another role to the user, I tried to change the role by making the following settings:

Path: Authentication > L3 Authentication > Captive Portal Authentication > "WlanName"
a) Default role - assign new role
b) User login - enable

2 - By logging in with the guest-provisioning user it is possible to create new users,
also there is the option to disable the client, but it has no effect: the client continues to browse, if you disable the wlan on the client side (on smarthphone) and he reconnects to the wlan he is again assigned the role of "guest" and continues to browse without problems.
So the disable option has no effect.
so what is the disable flag for?

3 - By logging in with the guest-provisioning user is there a way to see the password of already created users?
Is there a way to set the password length?

4 - I can't set client logout. Is there an easy way to give the client the ability to log out?

Could you give me support?

Thanks for your help

------------------------------
C.
------------------------------

Are you you enabled the use of PEF license
Please check

---------------------------------
Johann Froehlich
---------------------------------



Original Message:
Sent: Dec 30, 2021
From: CB3
Subject: Internal Captive Portal

Hi everyone,

I'm working with a client who has:
2 7210 Controllers (active/standby, no Mobility Master), version 8.6.0.15, AP and PEF licenses.
We have configured a WLAN with Authentication with internal CaptivePortal. I have several doubts:

1 - After authenticating with the assigned credentials, the client always falls into the default "guest" role.
It was impossible to assign another role to the user, I tried to change the role by making the following settings:

Path: Authentication > L3 Authentication > Captive Portal Authentication > "WlanName"
a) Default role - assign new role
b) User login - enable

2 - By logging in with the guest-provisioning user it is possible to create new users,
also there is the option to disable the client, but it has no effect: the client continues to browse, if you disable the wlan on the client side (on smarthphone) and he reconnects to the wlan he is again assigned the role of "guest" and continues to browse without problems.
So the disable option has no effect.
so what is the disable flag for?

3 - By logging in with the guest-provisioning user is there a way to see the password of already created users?
Is there a way to set the password length?

4 - I can't set client logout. Is there an easy way to give the client the ability to log out?

Could you give me support?

Thanks for your help

------------------------------
C.
------------------------------