Filter
Top Products
Using Captive Portal with a PEFNG License
The PEFNG license provides identity-based security for wired and wireless users. There are two user roles that are
important for captive portal:
l Default user role, which you specify in the captive portal authentication profile, is the role granted to clients
upon captive portal authentication. This can be the predefined guest system role.
l Initial user role, which you specify in the AAA profile, directs clients who associate to the SSID to captive portal
whenever the user initiates a Web browser connection. This can be the predefined logon system role.
The captive portal authentication profile specifies the captive portal login page and other configurable
parameters. The initial user role configuration must include the applicable captive portal authentication profile
instance.
NOTE: MAC-based authentication, if enabled on the controller, takes precedence over captive portal authentication.
The following are the basic tasks for configuring captive portal using role-based access provided by the Policy
Enforcement Firewall software module. Note that you must install the PEFNG license before proceeding (see
Software Licenses on page 100).
l Configure the user role for a default user.
Create and configure user roles and policies for guest or registered captive portal users. (See Roles and Policies on
page 296 for more information about configuring policies and user roles.)
l Create a server group.
If you are configuring captive portal for registered users, configure the server(s) and create the server group. (See
Authentication Servers on page 168for more information about configuring authentication servers and server
groups.)
NOTE: If you are using the controller’s internal database for user authentication, use the predefined “Internal” server group. You
need to configure entries in the internal database, as described in Authentication Servers on page 168.
l Create the captive portal authentication profile.
Create and configure an instance of the captive portal authentication profile. Specify the default user role for
captive portal users.
l Configure the initial user role.
Create and configure the initial user role for captive portal. You need to include the predefined captiveportal
policy, which directs clients to the captive portal, in the initial user role configuration.
You also need to specify the captive portal authentication profile instance in the initial user role configuration.
For example, if you are using the predefined logon system role for the initial role, you need to edit the role to
specify the captive portal authentication profile instance.
l Create the AAA Profile.
Create and configure an instance of the AAA profile. Specify the initial user role.
l Create the SSID Profile “ssid_c-portal”.
Create and configure an instance of the virtual AP profile that you apply to an AP group or AP name. Specify the
AAA profile you just created.
l Create the Virtual AP Profile “vp_c-portal”.
Create and configure an instance of the SSID profile for the virtual AP.
DellPowerConnectW-SeriesArubaOS6.2 | User Guide CaptivePortalAuthentication | 237