Security

Hello

I want to configure a guest WLAN that has no restrictions.  It appears that when configuring this out of the box with Aruba its more locked down that what I would want it to be.  What is the easiest way to do this?  

Also some users complain of having to re-authenticate to the guest network several times an hour, but when looking at the guest user role it shows 're-authentication internval' as Disabled.  So I am not sure where else to look to see what may be causing that.

What role are the guest users put into when they get on the network?

Run:  show rights <NameOfRoleAbove>

This will show you all the ACL/policies for this role.   You can edit/change the policies for your role of choice.  The "allowall" policy is likely what you want for your requirements.

The authentication timer you are looking for is under Configuration --> Authentication --> Advanced.  The time you set here will dictate how long the controller keeps the user in the client table.  When the timer is reached, the controller looks to see if the client is still there (just not doing anything).  If it is, the timer is reset.  If the device is not there (asleep or disconnected), the client is removed from the table...requiring them to reauthenticate the next time.

If you don't want your users to have to reauthenticate should that inactivity timer be reached, you can increase this timer; NOTE this affects all users on all controllers.    Or you can look to implement something like ClearPass that will authenticate guests and then allow them access for a certain amount of time (by using MAC authentication for subsequent connections).

I added an allowall policy to the guest user and increased the idle timeout.

Thanks for your help!