Security

last person joined: 11 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Captive Portal always authenticated

This thread has been viewed 4 times

  • 1.  Captive Portal always authenticated

    Posted May 07, 2019 08:30 AM

    Dears,

     

    when i authenticated using the Captive portal page seccussfully  , then i make forget the SSID from my mobile , try to connect again but the SSID dosnot ask me about authenticated but i connected direct...

     

     

    how i create user/password to each user only ,

     

    so i can make authenitced from 2 device with one user/pass .

     

    note that version is 8.4
       



  • 2.  RE: Captive Portal always authenticated

    EMPLOYEE
    Posted May 07, 2019 08:47 AM

    It would help if you could share your effective configuration here to understand your exact configuration.

     

    How quickly are you repeating this test?

     

    There are global authentication timers, how long the AAA session (and this includes guest users) of a device is cached by the controller. Default 5min: https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/content/arubaframestyles/authentication_servers/config_auth_timer.htm

     

    If you quickly disconnect/reconnect in your testing, the controller will resume the previous session of your device and not force it to re-authenticate. This timers can also be set at the AAA profile level to override the global settings.

     

    In absence of this detail in your description, I assume you are using the controller's internal captive portal? Here is everything on the different configuration options for Guest Provisioning:

    https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/content/arubaframestyles/management_utilities/enab_gues_prov.htm

     

    If you do not want multiple guest users to share the same guest account concurrently, navigate to the Captive Portal Authentication and select the “Allow only one active user session” option. This will reject a second or subsequent login attempt with the same credentials.

     

    For more advanced guest workflows, I recommend you look at ClearPass.

     



  • 3.  RE: Captive Portal always authenticated

    Posted May 07, 2019 08:53 AM

    If you do not want multiple guest users to share the same guest account concurrently, navigate to the Captive Portal Authentication and select the “Allow only one active user session” option. This will reject a second or subsequent login attempt with the same credentials.

     

     

    Done and thank you for this step

     

     

    for the foret question all sttiong in the default and yes this is internal CP , what did you mean about 5min authenticated



  • 4.  RE: Captive Portal always authenticated

    EMPLOYEE
    Posted May 07, 2019 02:32 PM

    Once you successfully authenticated on the internal CP, your devices has an active authentication session on the controller - you can check those on CLI using the command:

     

    show user

    If you disconnect your device from this SSID, the authentication session will be retained until the idle timeout (default value 5 min) runs out. This is controlled by the authentication timer. If you reconnect within the 5min, you will resume the existing session.