cancel
Showing results for 
Search instead for 
Did you mean: 

Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

Aruba Clearpass as external captive portal for Extreme WiFi Controllers (identify)?

Rahman_Duran
Contributor
Hi,

We have a mixed WiFi setup that consists a C5210 (ver. 9.x), a V2110 (ver. 10.x) and an Aruba 7030 controller. We need a unified guest wifi captive portal for guest registering via SMS validation and guest registering with sponsor validation.

Is it possible to integrate Aruba Clearpass solution as external captive portal for C5210 and V2110?

Regards,

Rahman
4 REPLIES 4

James_A
Valued Contributor

I recently set this up following https://extremeportal.force.com/ExtrArticleDetail?an=000080561. I did run across https://extremeportal.force.com/ExtrArticleDetail?an=000075728 which I solved by uploading a new device template for Disconnect and CoA:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<TipsContents xmlns="http://www.avendasys.com/tipsapiDefs/1.0">
<TipsHeader exportTime="Fri Sep 17 15:37:19 AWST 2021" version="6.10"/>
<RadiusCOATemplates>
<RadiusCOATemplate vendorId="1916" templateType="CoA" displayName="Extreme Wireless - Change-Login" name="ExtremeWireless-Change-Login">
<AttributeList>
<Attribute inputRequired="Not_Required" value="%{Application:User-Name}" name="User-Name" type="Radius:IETF"/>
<Attribute inputRequired="Not_Required" value="%{Radius:IETF:Calling-Station-Id}" name="Calling-Station-Id" type="Radius:IETF"/>
<Attribute inputRequired="Required" value="%{Radius:IETF:NAS-IP-Address}" name="NAS-IP-Address" type="Radius:IETF"/>
<Attribute inputRequired="Required" value="%{Radius:IETF:Login-LAT-Port}" name="Login-LAT-Port" type="Radius:IETF"/>
<Attribute inputRequired="Required" value="%{Radius:IETF:Event-Timestamp}" name="Event-Timestamp" type="Radius:IETF"/>
</AttributeList>
</RadiusCOATemplate>
<RadiusCOATemplate vendorId="1916" templateType="Disconnect" displayName="Extreme Wireless - Terminate Session" name="ExtremeWireless-Terminate-Session">
<AttributeList>
<Attribute inputRequired="Required" value="%{Radius:IETF:Calling-Station-Id}" name="Calling-Station-Id" type="Radius:IETF"/>
<Attribute inputRequired="Not_Required" value="%{Radius:IETF:Acct-Session-Id}" name="Acct-Session-Id" type="Radius:IETF"/>
<Attribute inputRequired="Required" value="%{Radius:IETF:Event-Timestamp}" name="Event-Timestamp" type="Radius:IETF"/>
</AttributeList>
</RadiusCOATemplate>
</RadiusCOATemplates>
</TipsContents>

You can even use make the enforcement profiles use CoA so the user doesn’t get disconnected after authenticating and have to reconnect. Looking at it you’d want to tweak the CoA profile if you were getting fancy with roles.

TylerMarcotte
Extreme Employee
You should be able to redirect it with the External Captive Portal. Here's a GTAC article that discusses using the Firewall Friendly Captive portal:

https://gtacknowledge.extremenetworks.com/articles/Q_A/What-is-a-Firewall-Friendly-External-Captive-...

Tomasz
Valued Contributor II
Hi Rahman,

If the methodology is to simply redirect user web traffic to the captive portal IP/FQDN, then it should be fine. Whether it is Aruba ClearPass ooor Extreme Guest for instance. 😉

Kind regards,
Tomasz

Hi Tomasz,

We want to integrate as external captive portal so we can also see the usernames etc on the controllers. I know one way is to setup an open SSID and route all traffic to captive portal appliance so any solution should work  But we prefer first option if it is possible.

Regards,

Rahman
GTM-P2G8KFN