Configuring Captive Portal in the Base Operating System
The base operating system (AOS-8 without any licenses) allows full network access to all users who connect to an ESSID Extended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set., both guest and registered users. In the base operating system, you cannot configure or customize user roles or utilize more than one captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. profile (except the default). The customizable user-roles and multiple captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. profile functionalities are made available by installing the PEFNG Policy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license.
When you create a captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. profile in the base operating system, an implicit user role is automatically created in the stand-alone controller with same name as the captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. profile. This implicit user role allows only DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. and DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. traffic between the client and network and directs all HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. or HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. requests to the captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.. You cannot directly modify the implicit user role or its rules. Upon authentication, captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. clients are allowed full access to their assigned VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN..
In a Mobility Conductor-managed device topology, Mobility Conductor does not have the configuration which are related to PEFNG Policy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license, therefore the role is not created on the Mobility Conductor.
The WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. Wizard within the AOS-8 WebUI allows for basic captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. configuration for WLANs Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. associated with the “default” ap-group: . Follow the steps in the workflow pane within the wizard and refer to the help tab for assistance.
Following are the tasks for configuring captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. in the base AOS-8:
- Create the Server Group name. In this example, the server group name is
If you are configuring captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. for registered users, configure the server(s) and create the server group. For more information about configuring authentication servers and server groups, see Authentication Servers.
. - Create Captive Portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. Authentication Profile. In this example, the profile name is .
Create and configure an instance of the captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication profile. Creating the captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. profile automatically creates an implicit user role and ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. with the same name. Creating the profile creates an implicit user role called . That user role allows only DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. and DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. traffic between the client and network and directs all HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. or HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. requests to the captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users..
- Create a AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. Profile. In this example, the profile name is .
Create and configure an instance of the AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile. For the initial role, enter the implicit user role that was created. The initial role in the profile must be set to .
- Create SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. Profile. In this example, the profile name is .
Create and configure an instance of the virtual AP profile which you apply to an AP group or AP name. Specify the AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile created.
- Create a Virtual AP Profile. In this example, the profile name is
Create and configure an instance of the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile for the virtual AP.
.
The following sections present the procedure for configuring the captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication profile, the AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile, and the virtual AP profile using the WebUI or the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.. Configuring the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. and authentication servers and server groups are described elsewhere in this document.
The following procedure describes how to configure captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. in the base operating system:
- Login to the Mobility Conductor.
- In the
- Click in , enter a (for example, ).
- You can enable user login and guest login, and configure other captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. profile parameters as described in Configuring Captive Portal Authentication Profiles.
- Click .
node hierarchy, navigate to the tab. Select . - To specify authentication servers, select captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication profile you just configured.
- Select the server group (for example, cp-srv) from the drop-down list.
- Click .
under the - Select the
- Expand , click in to add a new profile. Enter a (for example, ), then click .
- Select the AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile you just created.
- For captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication profile (for example, ) you created previously for the stand-alone controller. , select the
The captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. authentication profile you created.
must be exactly the same as the name of the- Click .
tab. - Navigate to the tab and under Profiles, select , then select .
- To create a new virtual AP profile, click in .
- Enter the name for the virtual AP profile (for example, ). Make sure is selected.
- For VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. in which captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. users are placed (for example, VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. . Click .
- In the AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile you previously configured from the drop-down list and click . entry for the new virtual AP profile ( ), select the
- In the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile from the profile drop-down list. entry for the new virtual AP profile ( ), select the and select a
- Enter the name for the ESSID Extended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set. profile (for example, ).
- For , select .
- Click .
, enter the ID of the - Navigate to the page.
- Select an AP Group and click tab in the AP group window.
- Click under the tab and select the newly create virtual AP profile (guestnet) from the drop-down list.
- Click
- Click .
- In the window, select the checkbox and click .
The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands configure captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. in the base operating system:
(host) [md] (config) #aaa authentication captive-portal c-portal
server-group cp-srv
(host) [md] (config) #aaa profile aaa_c-portal
initial-role c-portal
(host) [md] (config) #wlan ssid-profile ssid_c-portal
essid c-portal-ap
(host) [md] (config) #wlan virtual-ap vp_c-portal
aaa-profile aaa_c-portal
ssid-profile ssid_c-portal
vlan 20
Configuring Captive Portal with a PEFNG License