ExtremeWireless (Identifi)

Expand all | Collapse all

Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

  • 1.  Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

    Posted 10-23-2018 03:44
    Hi,

    We have a mixed WiFi setup that consists a C5210 (ver. 9.x), a V2110 (ver. 10.x) and an Aruba 7030 controller. We need a unified guest wifi captive portal for guest registering via SMS validation and guest registering with sponsor validation.

    Is it possible to integrate Aruba Clearpass solution as external captive portal for C5210 and V2110?

    Regards,

    Rahman


  • 2.  RE: Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

    Posted 10-23-2018 04:57
    Hi Rahman,

    If the methodology is to simply redirect user web traffic to the captive portal IP/FQDN, then it should be fine. Whether it is Aruba ClearPass ooor Extreme Guest for instance. ;)

    Kind regards,
    Tomasz


  • 3.  RE: Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

    Posted 10-23-2018 16:59
    You should be able to redirect it with the External Captive Portal. Here's a GTAC article that discusses using the Firewall Friendly Captive portal:

    https://gtacknowledge.extremenetworks.com/articles/Q_A/What-is-a-Firewall-Friendly-External-Captive-...


  • 4.  RE: Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

    Posted 29 days ago

    I recently set this up following https://extremeportal.force.com/ExtrArticleDetail?an=000080561. I did run across https://extremeportal.force.com/ExtrArticleDetail?an=000075728 which I solved by uploading a new device template for Disconnect and CoA:

    <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
    <TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
    <TipsHeader exportTime="Fri Sep 17 15:37:19 AWST 2021" version="6.10"/>
    <RadiusCOATemplates>
    <RadiusCOATemplate vendorId="1916" templateType="CoA" displayName="Extreme Wireless - Change-Login" name="ExtremeWireless-Change-Login">
    <AttributeList>
    <Attribute inputRequired="Not_Required" value="%{Application:User-Name}" name="User-Name" type="Radius:IETF"/>
    <Attribute inputRequired="Not_Required" value="%{Radius:IETF:Calling-Station-Id}" name="Calling-Station-Id" type="Radius:IETF"/>
    <Attribute inputRequired="Required" value="%{Radius:IETF:NAS-IP-Address}" name="NAS-IP-Address" type="Radius:IETF"/>
    <Attribute inputRequired="Required" value="%{Radius:IETF:Login-LAT-Port}" name="Login-LAT-Port" type="Radius:IETF"/>
    <Attribute inputRequired="Required" value="%{Radius:IETF:Event-Timestamp}" name="Event-Timestamp" type="Radius:IETF"/>
    </AttributeList>
    </RadiusCOATemplate>
    <RadiusCOATemplate vendorId="1916" templateType="Disconnect" displayName="Extreme Wireless - Terminate Session" name="ExtremeWireless-Terminate-Session">
    <AttributeList>
    <Attribute inputRequired="Required" value="%{Radius:IETF:Calling-Station-Id}" name="Calling-Station-Id" type="Radius:IETF"/>
    <Attribute inputRequired="Not_Required" value="%{Radius:IETF:Acct-Session-Id}" name="Acct-Session-Id" type="Radius:IETF"/>
    <Attribute inputRequired="Required" value="%{Radius:IETF:Event-Timestamp}" name="Event-Timestamp" type="Radius:IETF"/>
    </AttributeList>
    </RadiusCOATemplate>
    </RadiusCOATemplates>
    </TipsContents>

    You can even use make the enforcement profiles use CoA so the user doesn’t get disconnected after authenticating and have to reconnect. Looking at it you’d want to tweak the CoA profile if you were getting fancy with roles.



  • 5.  RE: Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

    Posted 10-23-2018 04:57
    Hi Tomasz,

    We want to integrate as external captive portal so we can also see the usernames etc on the controllers. I know one way is to setup an open SSID and route all traffic to captive portal appliance so any solution should work 🙂 But we prefer first option if it is possible.

    Regards,

    Rahman