Environment : This article applies to all the controller models and AOS versions.
Requirement is that the clients should get only the acceptable user policy page without needing them to authenticate using a username and password.
Even after configuring the right role and related policies, clients are still getting the splash page asking to enter the username and password.
Most likely the configuration in the captive portal page is incorrect or incomplete. Execute the following command and verify if:
- Guest and user login are disabled in the captive portal profile
- “show acceptable user policy” know is enabled in the captive portal profile
(NS-Aruba-3200) #show aaa authentication captive-portal default
Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter Value
--------- -----
Default Role guest
Default Guest Role guest
Server Group default
Redirect Pause 10 sec
User Login Enabled
Guest Login Disabled
Logout popup window Enabled
Use HTTP for authentication Disabled
Logon wait minimum wait 5 sec
Logon wait maximum wait 10 sec
logon wait CPU utilization threshold 60 %
Max Authentication failures 0
Show FQDN Disabled
Authentication Protocol PAP
Login page /auth/index.html
Welcome page /auth/welcome.html
Show Welcome Page Yes
Add switch IP address in the redirection URL Disabled
Adding user vlan in redirection URL Disabled
Add a controller interface in the redirection URL N/A
Allow only one active user session Enabled
White List N/A
Black List N/A
Show the acceptable use policy page Disabled
User idle timeout N/A
Redirect URL N/A
Bypass Apple Captive Network Assistant Disabled
In order for the users to get only the “acceptable user policy” page without any actual authentication, we need to have:
- User Login and Guest login to be disable in the captive portal profile
- “show acceptable user policy” to be enabled in the captive portal profile
To make the necessary changes:
WebUI
- Navigate to Configuration> Authentication> L3 Authentication> Captive Portal Authentication
- Disable “User Login”
- Disable “Guest Login”
- Enable “show the acceptable use policy page”
- Click “Apply”
CLI:
(NS-Aruba-3200) #configure terminal
Enter Configuration commands, one per line. End with CNTL/Z
(NS-Aruba-3200) (config) #aaa authentication captive-portal default
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #no user-logon
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #no guest-logon
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #show-acceptable-use-policy
(NS-Aruba-3200) (Captive Portal Authentication Profile "default") #end
(NS-Aruba-3200) #
To verify if the changes have taken effect:
(NS-Aruba-3200) #show aaa authentication captive-portal default
Captive Portal Authentication Profile "default"
-----------------------------------------------
Parameter Value
--------- -----
Default Role guest
Default Guest Role guest
Server Group default
Redirect Pause 10 sec
User Login Disabled
Guest Login Disabled
Logout popup window Enabled
Use HTTP for authentication Disabled
Logon wait minimum wait 5 sec
Logon wait maximum wait 10 sec
logon wait CPU utilization threshold 60 %
Max Authentication failures 0
Show FQDN Disabled
Authentication Protocol PAP
Login page /auth/index.html
Welcome page /auth/welcome.html
Show Welcome Page Yes
Add switch IP address in the redirection URL Disabled
Adding user vlan in redirection URL Disabled
Add a controller interface in the redirection URL N/A
Allow only one active user session Enabled
White List N/A
Black List N/A
Show the acceptable use policy page Enabled
User idle timeout N/A
Redirect URL N/A
Bypass Apple Captive Network Assistant Disabled
(NS-Aruba-3200) #