Understanding Captive Portal

You can configure captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. for the following users:

  • Guest users, where no authentication is required.
  • Registered users, who must be authenticated against an external server or the internal database of the managed device.

You can use captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. for guest and registered users at the same time. The default captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. web page provided with ArubaOS displays login prompts for both registered users and guests.

You can also load up to 16 different customized login pages into the managed device. The login page displayed is based on the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. to which the client associates.

Captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. provides secure services to its users by using the following:

Policy Enforcement Firewall Next Generation License

The Policy Enforcement Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. Next Generation License (PEFNG Policy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.) license provides identity-based security for wired and wireless users through user roles and firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. rules. You can use captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. with or without the PEFNG Policy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel. license installed in the Mobility Master. There are differences in how captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. functions work and how you configure captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users., depending on whether the license is installed.

Server Certificate

The Aruba managed device is designed to provide secure services through the use of digital certificates A digital certificate is an electronic document that uses a digital signature to bind a public key with an identity—information such as the name of a person or an organization, address, and so forth.. The server certificate is installed on the managed device through the Mobility Master. A server certificate installed in the managed device verifies the authenticity of the managed devices for captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users..

Aruba managed device ship with a demonstration self-signed certificate. Until you install a customer-specific server certificate in the managed device, this demonstration self-signed certificate is used by default for all secure HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. connections such as captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.. This self-signed certificate is included primarily for the purposes of feature demonstration and convenience and is not intended for long-term use in production networks. Users in a production environment are urged to obtain and install a certificate issued for their site or domain by a well-known CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.. You can generate a CSR Certificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate. on the managed device to submit to a CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate..

The managed device can accept wild card server certificates (CN Common Name. CN is the primary name used to identify a certificate. begins with an asterisk). If a wildcard certificate is uploaded (for example, CN Common Name. CN is the primary name used to identify a certificate. =*.domain.com), the asterisk in CN Common Name. CN is the primary name used to identify a certificate. is replaced with 'captiveportal-login' in order to derive the Captive Portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. logon page URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet. (captiveportal-login.domain.com).

Once you have imported a server certificate from the Mobility Master to managed device, you can select the certificate to be used with captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users..

Configuring Server Certificate

The following procedure describes how to select a certificate for captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.:

  1. Login to the Mobility Master.
  2. In the Managed Networknode hierarchy, navigate to the Configuration > System > More > General accordion.
  3. Under Captive Portal Certificate, select the name of the imported certificate from the drop-down list.
  4. Click Submit.
  5. Click Pending Changes.
  6. In the Pending Changes window, select the check box and click Deploy changes.

The following CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands are used to select a certificate for captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.:

(host) [mynode] #cd /md /<MAC_address>

(host) [<MAC_address>] (config) #web-server profile

(host) [<MAC_address>] (Web Server Configuration) #captive-portal-cert <certificate>

To specify a different server certificate for captive portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. with the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., use the no command to revert to the default certificate before you specify the new certificate:

(host) [<MAC_address>] (config) #web-server profile

(host) [<MAC_address>] (Web Server Configuration) #captive-portal-cert ServerCert1

(host) [<MAC_address>] (Web Server Configuration) #no captive-portal-cert

(host) [<MAC_address>] (Web Server Configuration) #captive-portal-cert ServerCert2

Related Topics

Configuring Captive Portal in the Base Operating System

Configuring Captive Portal with a PEFNG License

Managing Certificates