Security

At my work we have a guest SSID that uses an internal user account (on the Aruba Local Controller).  That works well and we have everytnig configured with a login Role and post login role with the appropriate security policies.

 

I am not tasked to setup the guest captive protal the same way but to use the Internal captive portal with email registration.  This feature is located under the 'Security' menu of the WLAN setup.

 

Is there any documentation available for this setup?  I found a lot about using Clearpass' but, we do not have clearpass and I wish to learn how to set this up (see screen shot) without clearpass.

 

Is there any documentation anywhere hot to set this up?

I was able to get the portal page to work with the same type of security ACLs as the original guest portal.

 

Buyt tgis is weird, I am prompted to enter an email address.  I get approved no matter what email address I enter and I can access the internet.  An email is not sent ot the yahoo.com email address so it appears that there no verification of any sort.

 

Can we have some type of email sent to the email address that is registered?  How can there be a better checks and balance for guest access? 

With only the controller, there are no checks on email registration.  It is merely a formality.  You would need ClearPass for the guest feature you are seeking.

I was told that the only way to have more security functionality for SSIDs with Captive Portal is to use Aruba ClearPass.

 

I actually asked a similar question regarding Mobile devices not re-authenticating automatically and I was told by Aruba support that one needs to use ClearPass.  I actuallly discovered that I just needed to add a security rule to the post-authentication role(DHCP permit).  I posted a question to the Community with that specific quesiton:

 

https://community.arubanetworks.com/t5/Wireless-Access/I-have-android-version-7-0-that-cannot-roam-between-access/td-p/515605

 

Is there any doucmentation that states the Captive portal will not register email addresses when using the controller only?  I wonder why there is an option for email regaristration (on the controller level) if there is not a way to verify that email address?

 

I will need to justify the purchase of ClearPass to my superiors and having a doiucment regarding how to setup the email self-registration process wilbe a good start.  Even better if there is a document stating that one will need clear pass for this.

 

Technically, what your are requesting is not email registration, but rather email validation for guest users. Both the controller and ClearPass can register a guest user by their email address, but only ClearPass validates the email address received by the guest user.

The controller hosted captive portal is suitable for basic needs in functionality and customization. For advanced functionality, captive portal solutions like ClearPass may be required.

OK,

 

So one can use the controller for basic needs in self registration; but, not verification/validation.  One can seff-register themsleves with a non-existant email address and then use internet.

 

Is there any time line when the guest account/access will be disabled?  Equally important, is there any doucmentation that states the Captive portal will not register email addresses when using the controller only or that onemust use another solution like ClearPass for authenticaiton/validation in self-registration? 

The administrator can create usernames and passwords in the internal database and require user authentication that must match those credentials (by configuring user authentication in the Captive Portal authentication profile).  Administrators can even specify dates and times of expiry for those accounts. 

 

Alternatively, adminsitrators can specify guest authentication in the Captive Portal authentication profile which only requires an email address and that is not validated.

 

Guests cannot self-register without software like ClearPass, however.

IK,

 

I believe you guys but is there any documentation that describes what fucntioanlity can and cnnotbe done with teh controllers vs using clearpass?

There is nothing that necessarily compares it.  The chapter here:  https://www.arubanetworks.com/techdocs/ArubaOS_83_Web_Help/content/arubaframestyles/captive_portal/capt_prtl_overv.htm

describes what you can do with the controller.

 

To do extensive guest access above what is described there, you would need ClearPass.

I found an older topic (2011) stating that Clearpass is required fro validaiton as well.  

 

https://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Captive-portal-registration/td-p/14350