Wireless Access

Hi,

WiFi4EU is a funded Programm for Communities in Europe, to create public Hotspots.  >>> More

The Requirements for this programm can be found here: https://ec.europa.eu/inea/sites/inea/files/wifi4eu-2018-1_en.pdf

Page 5: 6.2.1.1 Phase 1 (Tracking Code)

Page 6: 6.2.2 Technical Requirements

I would take 12x APs for this Project but i dont know how i should implement the "tracking code" from the EU. I prefer to use Aruba Central for Management because the APs are distributed. 

What Solution i need to customize the Splash Page so, that i can add a tracking code? A real Controller, ClearPass, an external Solution?

thanks!

I think it is best to work with your Aruba partner in this case.

The AP-120 series are end-of-support access points that are 802.11n (does not comply to 802.11ac Wave 1 requirement in 6.2.2) and they need a controller.

From the captive portal requirement: "The captive portal shall establish a period for automatic recognition of previously connected users, so that the captive portal is not shown again at reconnection. This period shall be automatically reset every day at 00:00 or at least be set up for a maximum of 12 hours.", I think you will need an external captive portal where ClearPass does satisfy this requirement.

Again, I think it would be good to work with an Aruba partner on this project.

the requirement ist just "complies" 802.11ac W1. Because the other specifications match, the 300series APs would fit perfect. The Timeout is also not a problem. I can configure either on the IAP or Central the Inactivity Timout from 1 Second to 24 hours . The only question is, how i can edit the SplashPage, to add a Code like JavaScript for example? Do i need a "Controller" and "ClearPass" also? Or really an other Service? 

Ok, sorry, I read that you would take 12x as in AP-124/AP-125 which is old technology. You mean that you take 12 APs. Forget what I wrote on the AP-120 series.

As far as I know, you can't insert javascript in the Instant captive portal, or in the Central captive portal. It is possible though to host an external captive portal static page on any web server that is accessible for the clients. So you might use your public website, or get some cheap web hosting. I think there are examples available on how to set up your page publicly, otherwise, your Aruba partner can grab them from Arubapedia, or you just save the HTML code from an internal captive portal page or Central guest page and modify.

OK thank you! i think a external hosted Page will be the right approach.

Euhm, sorry to say, but I believe using the inactivity timer will not be enough here.

1) WIFI4EU wants you to recognize previous users with but enforce the portal again after midnight or after at most 12 hours.

This means that if I connect at 8am, I should have to reauth when connected after 8pm. With your inactivity timeout I can remain connected endlessly as long as I stay connected without ever seeing the portal again.

2) inactivity timeout is also not sufficient to not trigger the portal again. If my client behaves correct it will send a disconnect message to the network negating that timer.

If the user then reconnects (even if only a few minutes later) he will be presented with your captive portal again.

IMHO that requirement pretty much dictates a Clearpass or similar solution to properly adhere to that requirement.

Hey Koen,

thank you, but i think it should work with a mix of inactivity and session timout.

Login: 8AM

Break: 11AM till 3PM

Session Timeout: 24hours (At Captive Portal Splash Page)

Inactivity Timeout: 12Hours

Login at 8AM, inactive from 11AM till 15PM = no reconnect because of the Inactivity Timout but force Reauth after 24hrs at 8AM next day.

Do not you think it works that way?

If you want to strictly adhere to that requirement without 'proper' NAC you're going to be in a world of hurt I think, if it is possible at all.

Even with session timeouts. A client that does a proper disconnect will reset both timers and be presented with the portal again when he reconnects a few minutes/hours later, neither timer is going to resolve that.

That said, most people don't do proper disconnects, so maybe it'll be fine.

Iam just figuring out, if i can use "Central" without a NAC for very small deployments. 

Whatever, i will simply test the behavior in my lab!

thx Koen