Filter
Top Products
10. Click on the new virtual AP name in the Profiles list or in Profile Details to display configuration parameters.
a. Make sure Virtual AP enable is selected.
b. For VLAN, select the VLAN to which users are assigned (for example, 20).
c. Click Apply.
Configuring Captive Portal in the CLI
To configure captive portal with the PEFNG license via the command-line interface, access the CLI in config mode
and issue the following commands:
(host)(config) #aaa authentication captive-portal c-portal
d>efault-role employee
server-group cp-srv
(host)(config) #user-role logon
captive-portal c-portal
(host)(config) #aaa profile aaa_c-portal
initial-role logon
(host)(config) #wlan ssid-profile ssid_c-portal
essid c-portal-ap
vlan 20
(host)(config) #wlan virtual-ap vp_c-portal
aaa-profile aaa_c-portal
ssid-profile ssid_c-portal
Sample Authentication with Captive Portal
In the following example:
l Guest clients associate to the guestnet SSID which is an open wireless LAN. Guest clients are placed into VLAN
900 and assigned IP addresses by the controller’s internal DHCP server. The user has no access to network
resources beyond DHCP and DNS until they open a web browser and log in with a guest account using captive
portal.
l Guest users are given a login and password from guest accounts created in the controller’s internal database. The
temporary guest accounts are created and administered by the site receptionist.
l Guest users must enter their assigned login and password into the captive portal login before they are given
access to use web browsers (HTTP and HTTPS), POP3 email clients, and VPN clients (IPsec, PPTP, and L2TP)
on the Internet and only during specified working hours. Guest users are prohibited from accessing internal
networks and resources. All traffic to the Internet is source-NATed.
NOTE: This example assumes a Policy Enforcement Firewall Next Generation (PEFNG) license is installed in the controller.
In this example, you create two user roles:
l guest-logon is a user role assigned to any client who associates to the guestnet SSID. Normally, any client that
associates to an SSID will be placed into the
logon
system role. The guest-logon user role is more restrictive than
the logon role.
l auth-guest is a user role granted to clients who successfully authenticate via the captive portal.
Creating a Guest User Role
The guest-logon user role consists of the following ordered policies:
l captiveportal is a predefined policy that allows captive portal authentication.
l guest-logon-access is a policy that you create with the following rules:
DellPowerConnectW-SeriesArubaOS6.2 | User Guide CaptivePortalAuthentication | 239