Security

Hi all,

Our customer have some special request to create SSID on Aruba Mobility Controller with captive portal on CPPM where employees can create guest accounts but they have to authenticate themselves with AD credentials before that.

I created portal with guest registration and 2 different user roles on Controller:

1) Guest_login_role - Captive portal login page (https://cppm.lab.local/guest/registration_login.php)
2) Guest_registration_role - Captive portal registration page (https://cppm.lab.local/guest/registration.php)

And it is working fine. Now I want to restrict users access to the registration page without authentication, for example by changing URL in browser. Can I create some rule for Guest_login_role user role on Controller to restrict that?

Thanks for help.

Best regards

Vaclav

You would normally do such a thing through Operator Profiles. Employees can then log in to cppm.lab.local/guest/ and will then be assigned an Operator profile that can create Guest accounts.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 22, 2022 05:48 AM
From: Vaclav Hauser
Subject: CPPM - captive portal with registration

Hi all,

Our customer have some special request to create SSID on Aruba Mobility Controller with captive portal on CPPM where employees can create guest accounts but they have to authenticate themselves with AD credentials before that.

I created portal with guest registration and 2 different user roles on Controller:

1) Guest_login_role - Captive portal login page (https://cppm.lab.local/guest/registration_login.php)
2) Guest_registration_role - Captive portal registration page (https://cppm.lab.local/guest/registration.php)

And it is working fine. Now I want to restrict users access to the registration page without authentication, for example by changing URL in browser. Can I create some rule for Guest_login_role user role on Controller to restrict that?

Thanks for help.

Best regards

Vaclav

Yes, you're right, I missed that option, thanks Herman.

But I'm curious about the original question, is there any option how to prevent the access I mentioned?

Thanks
Original Message:
Sent: Nov 23, 2022 08:44 AM
From: Herman Robers
Subject: CPPM - captive portal with registration

You would normally do such a thing through Operator Profiles. Employees can then log in to cppm.lab.local/guest/ and will then be assigned an Operator profile that can create Guest accounts.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 22, 2022 05:48 AM
From: Vaclav Hauser
Subject: CPPM - captive portal with registration

Hi all,

Our customer have some special request to create SSID on Aruba Mobility Controller with captive portal on CPPM where employees can create guest accounts but they have to authenticate themselves with AD credentials before that.

I created portal with guest registration and 2 different user roles on Controller:

1) Guest_login_role - Captive portal login page (https://cppm.lab.local/guest/registration_login.php)
2) Guest_registration_role - Captive portal registration page (https://cppm.lab.local/guest/registration.php)

And it is working fine. Now I want to restrict users access to the registration page without authentication, for example by changing URL in browser. Can I create some rule for Guest_login_role user role on Controller to restrict that?

Thanks for help.

Best regards

Vaclav

I had to read the scenario a few times, and still unsure about what you exactly want to do and what the workflow would be. What is the most likely scenario, is that employees need access to the Self-registration page (or the Operator Profile), create a guest account, then visitors can use the login page to get network access based on the created account.

If you want to limit access to the registration page to authenticated users, would the following under the Self-Registration page work?

Also, how these flows work in general are that the 'sponsors' are employees and have corporate IP addresses, and the guests get IP addresses in the guest network. With the Allowed Access you can restrict access to the pages by source IP address.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Nov 23, 2022 08:56 AM
From: Vaclav Hauser
Subject: CPPM - captive portal with registration

Yes, you're right, I missed that option, thanks Herman.

But I'm curious about the original question, is there any option how to prevent the access I mentioned?

Thanks
Original Message:
Sent: Nov 23, 2022 08:44 AM
From: Herman Robers
Subject: CPPM - captive portal with registration

You would normally do such a thing through Operator Profiles. Employees can then log in to cppm.lab.local/guest/ and will then be assigned an Operator profile that can create Guest accounts.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Nov 22, 2022 05:48 AM
From: Vaclav Hauser
Subject: CPPM - captive portal with registration

Hi all,

Our customer have some special request to create SSID on Aruba Mobility Controller with captive portal on CPPM where employees can create guest accounts but they have to authenticate themselves with AD credentials before that.

I created portal with guest registration and 2 different user roles on Controller:

1) Guest_login_role - Captive portal login page (https://cppm.lab.local/guest/registration_login.php)
2) Guest_registration_role - Captive portal registration page (https://cppm.lab.local/guest/registration.php)

And it is working fine. Now I want to restrict users access to the registration page without authentication, for example by changing URL in browser. Can I create some rule for Guest_login_role user role on Controller to restrict that?

Thanks for help.

Best regards

Vaclav