Controllerless Networks

Reply
Highlighted
Occasional Contributor II

IAP 6.3 WPA2-Enterprise with Portal

Hi!

 

Since 6.2 it should be possible to add a captive portal after 802.1x auth, see http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/Chapter11%20Authentication/ConfAccessRuleCPl.htm

 

 

Doing this, the CP is displayed (with just terms & conditions "Accept" - which is, what we want), but the CP is displayed again and again. Sure, because i stay inside this Role which enforces Portal Page again and again.

 

Do i need to assign another role based on the new CP-"authentication"? But how to do this?

 

Something like 

set-role ???? contains accepted "rule-allow-all" 

 

 

Any suggestions?

 

Kind Regards

 

Folke

Highlighted
Moderator

Re: IAP 6.3 WPA2-Enterprise with Portal

You would need a policy engine (like Clearpass) to be able to track whether the user has accepted the terms before.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
Occasional Contributor II

Re: IAP 6.3 WPA2-Enterprise with Portal

Hi Tim,

 

thanks for your very fast response.

 

But what's the sense that Instant supports internal splash screen as Role-Action ("Enforce Captive Portal") when it's not usable?

 

Is there a way to examine all values usable for role assignment?

 

Kind Regards from Munich


Folke 

Highlighted
Moderator

Re: IAP 6.3 WPA2-Enterprise with Portal

Maybe I misunderstood your question.

 

Are you saying the issue is that users are presented the captive portal every time they associate and you'd like them to only accept it once? 

 

-or-

 

Are you saying that the users remain in the captive portal redirect during their session and can't do anything else?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
Occasional Contributor II

Re: IAP 6.3 WPA2-Enterprise with Portal

Hi Tim,

 

yes, the users are remaining in the Captive Portal. 

 

My current goal is jus to reach a recurring captive portal as splash screen after every WLAN-Logon (with WPA2-Enterprise)...

 

That a permanently save of "License accepted" flags requires ClearPass  is clear for me.

 

Kind Regards


Folke

Highlighted
Moderator

Re: IAP 6.3 WPA2-Enterprise with Portal

We'll have to wait and see what Marcus says. As far as I know, you cannot trigger a role change from a captive portal after an 802.1X authentication without a policy server that can do a RADIUS CoA.

The only time I've used a captive portal after an 802.1X authentication to dead-end a user and show them a "contact the help desk" style page.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: