Controllerless Networks

So, question is. Is there any way of using Aruba Controller Captive Portal as Aruba Instant External Captive Portal?.

Thank you in advance

Here you go.

http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/External%20Captive%20Portal.htm

This should get your started..

Hi

Reading the documentation and doing some test y just realized that what i'm trying is not possible.

Thanks for your help

This is the situation.

I have a client with an Aruba controller 620 in his main office. They have two WLAN in that controller, for employees and for guest users. We are using a customized captive portal uploaded to the controller for guest users.

This client have several remote office, connect by VPN, and they want to use Aruba Instant in those offices. (they don't use RAP's for two thing; save money in Aruba Controller licenses, and Aruba controller model 620 have reach maximum AP+RAP capacity).

So, in this deployment, for employees we will configure an employee WLAN with internal user authentication. No problem with that.

Main problem is guest network, because Aruba Instant Internal captive portal is not customizable (and, for be honest, ugly as hell).

I have been trying using VPN connection between Instant and Aruba controller, adding route 0.0.0.0 0.0.0.0 to Aruba Controller, and using guest access rol for IAP VPN but is not working (I read somewhere that this is not possible with Aruba Controller 620 because a lack of memory).

Next thing i tried is what i opened the post for:  use Aruba controler as Aruba Instant external captive portal, but it doesn't work..

So, at this point, I don't know what to do... :

Don't want to sound like a salesman but Clearpass would definitely help you in this matter.

We doing something similar here as well but we are providing an external captive portal using XML-API.

IAP makes a VPN to controller, we push the portal to the controller which pushes it through the VPN to the IAP for the users.

I have not tested IAP to VPN Controller and hosting captive portal on VPN controller, in this case your 620.

I am quite sure that the IAP's require I believe a controller with 6.2+ AOS in order to terminate VPN, therefore your 620 is not capable of doing this since it does not supprot 6.2.

Yes, it's possible.

Create an Open ESSID on the Instant Cluster that places the users on a VLAN that can only egress (the user's L3 gateway) via an Untrusted port on an Aruba Controller, then assign a wired AAA policy to the port on the controller that requires captive portal.

We do this all the time for wired users in various environments or with autonomous or other vendors WLANs.    

It is a nice solution but you have to keep in mind : 

              - user limit on a 620 is 256.

              - TS'ing will be a lot harder if you don't understand the datapath and the points where you will be gathering the information.

I would suggest spinig up a VM with Apache and replicate the portal that you have on Aruba on an external server.

---

@billcarrjr wrote:

Yes, it's possible.

 

Create an Open ESSID on the Instant Cluster that places the users on a VLAN that can only egress (the user's L3 gateway) via an Untrusted port on an Aruba Controller, then assign a wired AAA policy to the port on the controller that requires captive portal.

 

We do this all the time for wired users in various environments or with autonomous or other vendors WLANs.    

 

 

---