Wireless Access

last person joined: 15 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

External Captive portal on the Controller

This thread has been viewed 3 times

  • 1.  External Captive portal on the Controller

    Posted Jan 01, 2012 08:16 AM

    Hello,

    I m trying to setup External Captive Portal on  my aruba controller ..External captive portal sends a wellcome page after succes auth..This wellcome page includes a text( for example "authenticated" )  , Controller should be parse this wellcome page and find  this text then assign authenticated role to user..I could not find Where can I define "authentication text" on my controller.What is your recommendation? Which other methods do you recommend to use for  External captive portal on controller..Do I have to use other methods ( xml-api, amigopod ,etc. )   

    By the way,  I can define the authentication text in the Instant AP..

     

    Aruba controller 620, Aruba OS ArubaOS_6xx_6.1.2.5_31229

     

    Thanks,




  • 2.  RE: External Captive portal on the Controller

    Posted Jan 02, 2012 12:46 AM

    for external captive portal to work, the external entity has to indicate a message to the controller on the change of role (authentication status).

     

    Yes amigopod/xml-api is the popular and supported ways for external captive portal authentication.

    Do you already have an external captive portal server (other then amigopod) ?

     

     

     



  • 3.  RE: External Captive portal on the Controller

    Posted Jan 02, 2012 04:38 AM

    Dear Harsha,

    Yes our customer is using a own external captive portal.This captive portal is not a commercial or open source application..They develop a web application run as captive portal.

    Is controller  able to parse wellcome html page returned by external captive portal and find specfied text..

    I think controller 

    Actually We want to use internal captive portal, but our Customer didnt accept PAP auth between controller and IAS radius.. 

    Thanks,

     



  • 4.  RE: External Captive portal on the Controller

    Posted Jan 18, 2012 02:17 AM

    Hi Harsha,
     

      

    for external captive portal to work, the external entity has to indicate a message to the controller on the change of role (authentication status)


    Excuse me for my question again..So Our customer wait a solution..

    I have no idea about relation between controller and external CP ( except any external CP in gw mode, amigopod ) 

    How can I provide ,   the external captive portal indicate a message to the controller, 

    user login and guest login are disabled on captive portal profile.So authentication will be made by External captive portal..So How External CP turn a response to the controller? 


    Do I have to also provide establishing a communacation  between NAS(controller) and radius server. Because we need a response from Radius to change the role..


    If our customer dont want to use amigopod and has own captive portal app, What should be  the relation between components( external captive portal, raidus server, controller ).

    Thanks,



  • 5.  RE: External Captive portal on the Controller
    Best Answer

    Posted Jan 02, 2012 11:33 PM

    no the controller doesnt parse the welcome page in the way its expected.

     

    Why dont you try setting up IPSec between controller and Radius server, which would provide security

    - unless the sec-ops team of the customer barrs the PAP usage, the IPSec can provide security

     

     

     

     



  • 6.  RE: External Captive portal on the Controller

    Posted Jan 03, 2012 12:02 PM
    Hello Harsha, Thanks for good recommendation.. I captured data between controller and radius with wireshark, I investigated the capture data on Windows 2008 radius , So password seems as encrypted in data..But I know that password is clear text for PAP auth.. Im confused.. Wireshark data --> t=User-Password(2): Encrypted I think password is encrypted between controller and radius server with Radius shared key.. What is your comment? Thanks,


  • 7.  RE: External Captive portal on the Controller

    Posted Jan 03, 2012 01:05 PM

    Yes it is protected by a radius shared secret. Hence you are not able to see in clear.

    - but you should never rely on shared secret security

     



  • 8.  RE: External Captive portal on the Controller

    Posted Jan 03, 2012 06:23 PM

    Thanks,,

    Happy new year..