Wireless Access

Hi!

I have a question regarding the Captive Portal in Bridge forwarding mode.

I checked some documentation and discussions and have a couple of questions:

1. Is it correct that the Captive Portal only works on full tunnel mode and also split tunnel mode, but not on Bridge Forwarding mode?
2. How would the configuration look of the ACL? What IP should I include for the ACL for split tunnel? What IP is the default Captive Portal IP or what interface does it use?
3. Is there a configuration guide on Captive Portal with split tunnel? If so, can someone share it, I cannot find it on the documentation under Captive Portal, please note the Split tunnel need to be included
4. Can anyone share documentation on how to change from bridge mode to split tunnel? Do AP's need to reboot? Can it be done per SSID or needs it to be done per AP itself?

Thank you in advance,

With best regards,

Alvaro Tombokan

1. "This feature supports only external captive portal servers which generate XML API/Radius CoA to the controller".  If you don't have an external captive portal server that will generate a radius COA to the controller already, don't attempt it:  https://www.arubanetworks.com/techdocs/ArubaOS_8.10.0_Web_Help/Content/arubaos-solutions/captive-portal/enab-capt-port-enha.htm?Highlight=captive%20portal%20bridge
2. Bridge mode itself is being deprecated in favor of using clusters of instant for SSIDs that would need to be sent local instead of tunneled to a gateway, so that should be deployed, instead.
3. There is a documentation for Captive Portal for split tunnel, but split tunneled SSIDs are only meant for single-AP deployments at remote locations, because users cannot roam between access points in this scenario.  The access points also have to be configured as remote APs for a split-tunneled SSID to even be broadcast.
4. You change the forwarding mode in the Virtual AP profile to determine whether or not it is bridge mode or split tunnel.
5. Based on your questions, it seems like your deployment is a candidate for Aruba Instant, instead of a controller-based deployment and you should probably start with instant.  Bridge mode and split tunnel modes were added as features early on before Aruba Instant was deployed, and they do not offer a fraction of the functionality of Aruba Instant.  You should start by configuring/deploying a single instant AP to do what you want and just add access points to that, instead of trying to get bridge and split tunneled SSIDs working, honestly.  Bridged and Split tunneled SSIDs have so many considerations, it is best to just start with Instant....

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
------------------------------

Original Message:
Sent: Sep 13, 2023 09:48 AM
From: AlvaroDM
Subject: Captive Portal Bridge Mode

Hi!

I have a question regarding the Captive Portal in Bridge forwarding mode.

I checked some documentation and discussions and have a couple of questions:

1. Is it correct that the Captive Portal only works on full tunnel mode and also split tunnel mode, but not on Bridge Forwarding mode?
2. How would the configuration look of the ACL? What IP should I include for the ACL for split tunnel? What IP is the default Captive Portal IP or what interface does it use?
3. Is there a configuration guide on Captive Portal with split tunnel? If so, can someone share it, I cannot find it on the documentation under Captive Portal, please note the Split tunnel need to be included
4. Can anyone share documentation on how to change from bridge mode to split tunnel? Do AP's need to reboot? Can it be done per SSID or needs it to be done per AP itself?

Thank you in advance,

With best regards,

Alvaro Tombokan

AOS 8.7 introduced support for captive portal on bridge mode APs.

https://www.arubanetworks.com/techdocs/ArubaOS/Consolidated_8.x_RN/Content/8.7/overview87x.htm

From your question it sounds like you are trying to setup a RAP with a WLAN that has a captive portal?

------------------------------
Carson Hulcher, ACEX#110
------------------------------

Original Message:
Sent: Sep 13, 2023 09:48 AM
From: AlvaroDM
Subject: Captive Portal Bridge Mode

Hi!

I have a question regarding the Captive Portal in Bridge forwarding mode.

I checked some documentation and discussions and have a couple of questions:

1. Is it correct that the Captive Portal only works on full tunnel mode and also split tunnel mode, but not on Bridge Forwarding mode?
2. How would the configuration look of the ACL? What IP should I include for the ACL for split tunnel? What IP is the default Captive Portal IP or what interface does it use?
3. Is there a configuration guide on Captive Portal with split tunnel? If so, can someone share it, I cannot find it on the documentation under Captive Portal, please note the Split tunnel need to be included
4. Can anyone share documentation on how to change from bridge mode to split tunnel? Do AP's need to reboot? Can it be done per SSID or needs it to be done per AP itself?

Thank you in advance,

With best regards,

Alvaro Tombokan