Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Guest Captive Portal

  • 1.  Guest Captive Portal

    Posted 9 days ago

    Hi,

    I'm hoping someone here can help me understand how the guest WiFi captive portal is configured, as there is a requirement for me to change the data port address of our CPPM server and my understanding is that address is what we use for the captive portal.

    So we are using the CPPM captive portal for guest authentication. We have a captive portal profile with the hostname of 'guest.domain.com' created on Aruba Central. In CPPM there is a service created for guest authentication which pushes a 'pre-auth' role for users that try to connect to the guest network. At the AP level, that 'pre-auth' role matches a set of access rules on Aruba Central to: a) force the captive portal, b) allow DNS & DHCP access, and c) allow HTTPS access to the server address (which is the data port of CPPM; let's say the address is 10.10.10.10). I can also see the list of authentication servers that we added for the AP, one being the external captive portal with the address of guest.domain.com (no mention of the 10.10.10.10 IP address) and the other being the management IP of the CPPM server.

    When I'm trying to log in to the guest WiFi, I can see HTTP traffic from the user to https://guest.domain, and looking at the packet capture the URL is resolved to 10.10.10.10. Now this address is obviously internal, and on the guest VLAN we are using the public DNS servers, so they can't resolve the name with a DNS request. Now my question is: where on Aruba Central or CPPM do we define that guest.domain resolves to 10.10.10.10?

    I watched a video on setting up guest WiFi that mentioned installing the captive portal certificate on the AP, which I can't figure out where on Aruba Central to check for, or if this is where we somehow define that address. On CPPM > Guest > Configuration > login-page, I can see the page that we created for the captive portal, but even there I can't see how it's linked to the data port of CPPM. Does anyone have a similar setup who can guide me, please?

    Thanks



  • 2.  RE: Guest Captive Portal

    Posted 8 days ago

    What is the use-case for the CPPM guest captive portal?  Does the native Aruba Central guest offering meet your needs?




  • 3.  RE: Guest Captive Portal

    Posted 8 days ago

    We already use the CPPM captive portal. My question is: when users want to connect to the guest network, they will be redirected to the CPPM login page to accept terms & conditions. Now, is it the AP that is responsible for dealing with those DNS requests for the FQDN (guest.domain.com)? Where on Aruba Central should I check for this setting? Currently the returned IP is not what I expect it should be, so users are not able to connect to the internet.

    Thanks




  • 4.  RE: Guest Captive Portal

    Posted 8 days ago
    securelogin.hpe.com should be used to match the certificate that’s included with your Aruba Central subscription. Unless you are using a custom certificate uploaded to Aruba Central?

    If all you are doing is terms and conditions why not do this on Aruba Central natively? Why waste a ClearPass Access license just for this?




  • 5.  RE: Guest Captive Portal

    EMPLOYEE
    Posted 8 days ago

    Can you share a screenshot showing the captive portal configuration? If guest.domain.com is configured as the captive portal server name, the client would do a DNS lookup which should resolve to CPPM IP address. The entry has to be on the DNS server regardless of whether it is public or private. What IP do you get when you do a lookup on a laptop connected to the guest network?




  • 6.  RE: Guest Captive Portal
    Best Answer

    Posted 7 days ago

    Thanks, I just found out that we have a record on DNS for the portal address. It makes sense now, as before I thought there might be a configuration somewhere on Aruba Central. So I assume we can use either the management or data port IP for the captive portal; it's just down to our DNS which IP it resolves guest.domain.com to?

    Thanks




  • 7.  RE: Guest Captive Portal

    EMPLOYEE
    Posted 7 days ago

    Yes, it is down to the DNS entry. Great you were able to find the DNS entry.






  • 8.  RE: Guest Captive Portal

    Posted 7 days ago

    Correct
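
The thread's conclusion is that the portal address is whatever the DNS record for the portal name returns, and the first post notes that the 'pre-auth' role only allows HTTPS to one server address. The following is an added example, not code from any poster or from HPE Aruba: a check to run from a laptop on the guest network before and after changing the data port address, confirming that every address the portal name resolves to is permitted by the pre-auth rules. The function names and the rule list format are assumptions; `guest.domain.com` and `10.10.10.10` are the thread's placeholder values.

```python
import ipaddress
import socket


def resolve(fqdn):
    """Addresses the local (guest VLAN) resolver returns; empty set on failure."""
    try:
        infos = socket.getaddrinfo(fqdn, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    # Drop any IPv6 zone suffix such as "%eth0" so ipaddress can parse it.
    return {info[4][0].split("%")[0] for info in infos}


def check_portal(fqdn, allow_rules, port=443, resolver=resolve):
    """Compare what the portal name resolves to with the pre-auth allow rules.

    allow_rules: (cidr, port) pairs copied by hand from the pre-auth role
    (assumed format). Returns a list of findings; an empty list means every
    resolved address is reachable under the pre-auth role.
    """
    nets = [ipaddress.ip_network(cidr) for cidr, p in allow_rules if p == port]
    addrs = resolver(fqdn)
    if not addrs:
        return [f"{fqdn}: no address returned by this resolver"]
    findings = []
    for addr in sorted(addrs):
        ip = ipaddress.ip_address(addr)
        allowed = any(ip in net for net in nets if net.version == ip.version)
        if not allowed:
            findings.append(
                f"{fqdn} -> {addr}: not allowed on tcp/{port} in pre-auth role"
            )
    return findings


# Constructed rule list mirroring the thread: HTTPS to the CPPM data port only.
PRE_AUTH_ALLOW = [("10.10.10.10/32", 443)]

if __name__ == "__main__":
    for line in check_portal("guest.domain.com", PRE_AUTH_ALLOW) or ["ok"]:
        print(line)
```

A finding after the address change means either the DNS record or the pre-auth rule still points at the old address; both have to move together.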