Wireless Access

last person joined: 21 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Captive portal authentication and mobility between controllers

This thread has been viewed 4 times

  • 1.  Captive portal authentication and mobility between controllers

    Posted Jan 18, 2013 05:28 PM

    In my current environment, we are operating in a master/standby configuration.  For the guest wireless, we use a captive portal authentication method.  Since all APs are connected to the master controller, when a user moves from AP to AP, there are no issues with authentication.

     

    We are going to move to a Master/Local1/Local2 controller configuration where some APs will be connected to the Local1 controller and other APs will be connected to the Local2 controller.  My question involves this scenario.

     

    1: User is associated with AP1 which is connected to controller Local1.

    2: User authenticates to the captive portal.  Local1 knows that user is authenticated.

    3: User moves to a different location and asosciates with AP2 which is conencted to controller Local2.

     

    Question is, does controller Local2 know that the user has already authenticated via the captive portal, or will the user be requred to authenticate again?  Does the master controller keep track of authenticated users?

     

    FYI, all the controllers will be layer2 adjacent on all VLANs

     

    Thanks,

    Robert



  • 2.  RE: Captive portal authentication and mobility between controllers

    Posted Jan 19, 2013 02:54 AM

    I think you need to configure a mobility domain to accomplish this. You can read detailed instructions and examples in the 6.2 User Guider under Chapter 28 IP Mobility.



  • 3.  RE: Captive portal authentication and mobility between controllers

    EMPLOYEE
    Posted Jan 19, 2013 07:58 AM
    @rluechtefeld wrote:

    In my current environment, we are operating in a master/standby configuration.  For the guest wireless, we use a captive portal authentication method.  Since all APs are connected to the master controller, when a user moves from AP to AP, there are no issues with authentication.

     

    We are going to move to a Master/Local1/Local2 controller configuration where some APs will be connected to the Local1 controller and other APs will be connected to the Local2 controller.  My question involves this scenario.

     

    1: User is associated with AP1 which is connected to controller Local1.

    2: User authenticates to the captive portal.  Local1 knows that user is authenticated.

    3: User moves to a different location and asosciates with AP2 which is conencted to controller Local2.

     

    Question is, does controller Local2 know that the user has already authenticated via the captive portal, or will the user be requred to authenticate again?  Does the master controller keep track of authenticated users?

     

    FYI, all the controllers will be layer2 adjacent on all VLANs

     

    Thanks,

    Robert

    - User will be required to authenticated again

    - Master Controller does not keep track of authenticated users.

     

    The best plan is to make APs on Master/local/local2 controllers geographically separate so that there is no expectation for roaming.

     



  • 4.  RE: Captive portal authentication and mobility between controllers

    Posted Jan 20, 2013 08:12 AM
    @cjoseph wrote:
    @rluechtefeld wrote:

    In my current environment, we are operating in a master/standby configuration.  For the guest wireless, we use a captive portal authentication method.  Since all APs are connected to the master controller, when a user moves from AP to AP, there are no issues with authentication.

     

    We are going to move to a Master/Local1/Local2 controller configuration where some APs will be connected to the Local1 controller and other APs will be connected to the Local2 controller.  My question involves this scenario.

     

    1: User is associated with AP1 which is connected to controller Local1.

    2: User authenticates to the captive portal.  Local1 knows that user is authenticated.

    3: User moves to a different location and asosciates with AP2 which is conencted to controller Local2.

     

    Question is, does controller Local2 know that the user has already authenticated via the captive portal, or will the user be requred to authenticate again?  Does the master controller keep track of authenticated users?

     

    FYI, all the controllers will be layer2 adjacent on all VLANs

     

    Thanks,

    Robert

    - User will be required to authenticated again

    - Master Controller does not keep track of authenticated users.

     

    The best plan is to make APs on Master/local/local2 controllers geographically separate so that there is no expectation for roaming.

     

    L3 mobility is not good for this?



  • 5.  RE: Captive portal authentication and mobility between controllers

    EMPLOYEE
    Posted Jan 20, 2013 05:34 PM

    Hi

     

    As far as I know, L3 mobility doesn´t have anything to do with authentication but with IP address mobility.

     

    regards

     



  • 6.  RE: Captive portal authentication and mobility between controllers

    Posted Jan 22, 2013 10:35 AM

    Thanks CJoseph.  I thought that would be the case, but just wanted to verify.  I was certainly hoping it would work the other way.  It will be close as to whether all the APs in our campus environment can be supported on 1 controller.



  • 7.  RE: Captive portal authentication and mobility between controllers

    EMPLOYEE
    Posted Jan 22, 2013 10:54 AM

    If your devices do 802.1x, the majority if your problems going away since you will be bridging the clients to the same WLAN.  The client will automatically roam/reconnect with the same ip address.

     

    Captive Portal you will have to authenticate again.

     

    This is an even better reason to move to 802.1x.