Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Multiple Captive portal - Same SSID

This thread has been viewed 4 times

  • 1.  Multiple Captive portal - Same SSID

    Posted Mar 06, 2019 12:52 AM

    Dear Experts, 

     

    We have a deployment where customer wants to have same SSID for guest rooms and public area but captive portal with different options at these locations (or different captive portals altogether, whichever is possible).

     

    In rooms they want to have option to use complimentary internet or access code, and in public area only access code option. Is this possible using same SSID?

     

    Please advise



  • 2.  RE: Multiple Captive portal - Same SSID

    EMPLOYEE
    Posted Mar 06, 2019 12:57 AM
    You can pop a captive portal per AP name. Im sure there are a few how to here in the forums.


  • 3.  RE: Multiple Captive portal - Same SSID

    Posted Mar 06, 2019 01:05 AM

    Dear Tarnold, 

     

    It will not be per AP but more like per location (room vs public). Also i was not able to find any how to, i will keep searching, would appreciate if you can share the link if its handy



  • 4.  RE: Multiple Captive portal - Same SSID

    EMPLOYEE
    Posted Mar 06, 2019 01:33 AM
    Clearpass will go off of radius attributes that are sent in the radius request. The problem with per room is that there no way to say this "room" get a certain cp and it will always work. You can use ap name or ap group.

    Just remember if someone is sitting in room A they could still connect to ap in room B and clearpass has no way of knowing that. If they are physical locations like building A vs building B then it would be easier.


  • 5.  RE: Multiple Captive portal - Same SSID

    Posted Mar 06, 2019 02:22 AM

    In my case, there will be 2 AP groups, room and public. So i have basically 2 questions 

     

    1) Can i share same SSID among 2 AP Groups?

    2) Can i have 2 Captive portals for 2 AP groups?

     

    I think answer is yes for both, but need to confirm before testing it out to save time.



  • 6.  RE: Multiple Captive portal - Same SSID

    Posted Apr 04, 2019 01:31 AM

    HI Ronin101,

    I realize this is a month old and you probably got this sorted out but you certainly are able to accomplish this. You can do the following:

    1. Enable MAC authentication on the SSID and send it to ClearPass. ClearPass will allow it through using the [Allow All MAC Auth] as the authentication type. This will allow ClearPass to see the traffic and react to it.
    2. In the ClearPass service, you will check to see of the Access Point belongs to either the room or public AP Group. This will be available in the Role Mapping as the following:
      cp-rolemapping.png
    3. You are then able to verify this MAC authentication is coming from either the room or public AP group and return an Aruba User Role that contains the appropriate Captive Portal. It would look something like this:
      cp-enforcement.png
      I hope this helps.
      Andy