Product and Software: This article applies to all Aruba controllers with ArubaOS 2.5.x.
With the ArubaOS 2.5.2 release, Captive Portal is available in the base operating system; you do not need to install the Policy Enforcement Firewall license in the Mobility Controller for this feature. In the base operating system, Captive Portal users are first placed into the predefined cpbase user role, which allows only DNS, DHCP, and HTTP or HTTPS connections to the network. Upon authentication, Captive Portal users are allowed full access to their assigned VLAN.
Configuring the Captive Portal
These are the basic tasks to configure Captive Portal in the base operating system:
1) Configure the Captive Portal for guest or authenticated users. In the base operating system, enable Captive Portal on a per-ESSID basis.
2) If you are using Captive Portal to authenticate users, configure the authentication server that will be used to validate users. The authentication server can be an external server or the controller's internal database.
To configure either Guest Captive Portal or Captive Portal for a single ESSID, follow these steps either in the WebUI or the CLI:
From WebUI:
1) Navigate to Configuration > Basic > WLAN. Enter the SSID name (for example, Deepak). Under 802.11 Security, select either Guest Captive Portal (for unauthenticated users) or Captive Portal (for authenticated users). If you select Captive Portal, specify the authentication server that will validate the username and password for Captive Portal users.
2) Under Authentication Servers, click Add.
3) Under Choose an Authentication Server, select the authentication server that will be the primary server and click Add.
4) To add additional authentication servers as backup servers, repeat these steps.
The servers appear in the order of descending priority. The first entry is always the primary server. To change the order, use the up or down arrows to move an entry higher or lower in the list.
5) Specify the VLAN to which users will be assigned and click Apply.
You can optionally configure other Captive Portal parameters by navigating to the
Configuration > Advanced > Security > Authentication Methods > Captive
Portal Authentication page.
For example:
From the CLI, execute the following commands:
(Aruba) #configure t
Enter configuration commands, one per line. End with Cntrl+Z.
(Aruba) (config) #ap location 0.0.0 virtual-ap "Deepak" vlan-id 1 opmode opensystem deny-bcast enable hide-ssid disable
(Aruba) (config) #aaa captive-portal match-essid "Deepak"
(Aruba) (config) #aaa captive-portal auth-server "Internal"
(Aruba) (config) #write mem