ArubaOS 8.6.0.0帮助中心

You are here: Home > Captive Portal Authentication > Captive Portal with the PEFNG License

Configuring Captive Portal with a PEFNG License

You must purchase and install thePEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.license on theMobility Master使用基于身份的安全功能。有两个用户角色对captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.:

Default user role, which you specify in thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.authentication profile, is the role granted to clients uponcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.验证。这可以是预定义的guestsystem role.

初始用户角色，您在AAA身份验证，授权和会计。AAA是一个安全框架，可以对用户进行身份验证，授权基于用户凭据的访问类型，并记录有关网络访问和网络资源消耗的身份验证事件以及信息。profile, directs clients who associate to theSSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.tocaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.每当用户启动Web浏览器连接时。这可以是预定义的logonsystem role.

Thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.authentication profile specifies thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.login page and other configurable parameters. The initial user role configuration must include the applicablecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件实例。

苹果电脑媒体访问控制。MAC地址是分配给网络通信网络接口的唯一标识符。基于基于身份验证，如果在Mobility Master，优先captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.验证。

Following are the basic tasks for configuringcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.使用政策执行提供的基于角色的访问防火墙防火墙is a network security system used for preventing unauthorized access to or from a private network.software module:

1.安装PEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.初级许可证Mobility Master.

有关更多信息，请参阅ArubaMobility MasterLicensing Guide.

2.为默认用户配置用户角色。

为客人或注册创建和配置用户角色和策略captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.用户。有关更多信息，请参阅配置政策和角色.

3.Create a server group.

如果您要配置captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.对于注册用户，配置服务器并创建服务器组。有关更多信息，请参阅Authentication Servers

If you are using the internal database of themanaged devicefor user authentication, use the predefined “Internal” server group. The "internal" server is the local database on theMobility Master. You need to configure entries in the internal database, as described inAuthentication Servers.

4.创建captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证概况。

创建并配置一个实例captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证概况。指定默认用户角色captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.用户。有关更多信息，请参阅配置圈养门户身份验证配置文件.

5.Configure the initial user role.

创建并配置初始用户角色captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.. You also need to specify thecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.authentication profile instance in the initial user role configuration. For example, if you are using the predefinedlogon最初角色的系统角色，您需要编辑角色以指定captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件实例。有关更多信息，请参阅Modifying the Initial User Role.

6.创建AAA身份验证，授权和会计。AAA是一个安全框架，可以对用户进行身份验证，授权基于用户凭据的访问类型，并记录有关网络访问和网络资源消耗的身份验证事件以及信息。轮廓。

创建并配置一个实例AAA身份验证，授权和会计。AAA是一个安全框架，可以对用户进行身份验证，授权基于用户凭据的访问类型，并记录有关网络访问和网络资源消耗的身份验证事件以及信息。轮廓。指定初始用户角色。有关更多信息，请参阅Configuring the AAA Profile.

7.创建SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.轮廓。In this example, the profile name isssid_c-portal.

创建并配置适用于AP组或AP名称的虚拟AP配置文件的实例。指定AAA身份验证，授权和会计。AAA是一个安全框架，可以对用户进行身份验证，授权基于用户凭据的访问类型，并记录有关网络访问和网络资源消耗的身份验证事件以及信息。您刚创建的个人资料。

8.创建Virtual AP Profile. In this example, the profile name isvp_c-portal.

创建并配置一个实例SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.虚拟AP的配置文件。

以下sections present the WebUI andCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.配置的过程captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.身份验证配置文件，初始用户角色，AAA身份验证，授权和会计。AAA是一个安全框架，可以对用户进行身份验证，授权基于用户凭据的访问类型，并记录有关网络访问和网络资源消耗的身份验证事件以及信息。配置文件和虚拟AP配置文件。本文档中的其他章节详细介绍了用户角色和策略，身份验证服务器和服务器组的配置。

以下procedure describes how to configurecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.with aPEFNGPolicy Enforcement Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.license: