Security

Reply
Contributor II

Multiple Captive portal - Same SSID

Dear Experts, 

 

We have a deployment where customer wants to have same SSID for guest rooms and public area but captive portal with different options at these locations (or different captive portals altogether, whichever is possible).

 

In rooms they want to have option to use complimentary internet or access code, and in public area only access code option. Is this possible using same SSID?

 

Please advise

Re: Multiple Captive portal - Same SSID

You can pop a captive portal per AP name. Im sure there are a few how to here in the forums.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II

Re: Multiple Captive portal - Same SSID

Dear Tarnold, 

 

It will not be per AP but more like per location (room vs public). Also i was not able to find any how to, i will keep searching, would appreciate if you can share the link if its handy

Re: Multiple Captive portal - Same SSID

Clearpass will go off of radius attributes that are sent in the radius request. The problem with per room is that there no way to say this "room" get a certain cp and it will always work. You can use ap name or ap group.

Just remember if someone is sitting in room A they could still connect to ap in room B and clearpass has no way of knowing that. If they are physical locations like building A vs building B then it would be easier.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor II

Re: Multiple Captive portal - Same SSID

In my case, there will be 2 AP groups, room and public. So i have basically 2 questions 

 

1) Can i share same SSID among 2 AP Groups?

2) Can i have 2 Captive portals for 2 AP groups?

 

I think answer is yes for both, but need to confirm before testing it out to save time.

Highlighted
New Contributor

Re: Multiple Captive portal - Same SSID

HI Ronin101,

I realize this is a month old and you probably got this sorted out but you certainly are able to accomplish this. You can do the following:

  1. Enable MAC authentication on the SSID and send it to ClearPass. ClearPass will allow it through using the [Allow All MAC Auth] as the authentication type. This will allow ClearPass to see the traffic and react to it.
  2. In the ClearPass service, you will check to see of the Access Point belongs to either the room or public AP Group. This will be available in the Role Mapping as the following:
    cp-rolemapping.png
  3. You are then able to verify this MAC authentication is coming from either the room or public AP group and return an Aruba User Role that contains the appropriate Captive Portal. It would look something like this:
    cp-enforcement.png
    I hope this helps.
    Andy
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: