Understanding Captive Portal

You can configurecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.for the following users:

Guest users, where no authentication is required.

注册用户,他们必须经过身份验证的霍霍t an external server or the internal database of themanaged device.

While you can usecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.to authenticate users, it does not provide for encryption of user data and should not be used in networks where data security is required.Captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.is most often used for guest access, access to open systems (such as public hot spots), or as a way to connect to aVPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two..

您可以使用captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.for guest and registered users at the same time. The defaultcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.web page provided withArubaOSdisplays login prompts for both registered users and guests.

You can also load up to 16 different customized login pages into themanaged device. The login page displayed is based on theSSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.to which the client associates.

Captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.provides secure services to its users by using the following:

策略执行FirewallFirewall is a network security system used for preventing unauthorized access to or from a private network.Next Generation License

Server Certificate

策略执行Firewall Next Generation License

The Policy EnforcementFirewallFirewall is a network security system used for preventing unauthorized access to or from a private network.Next Generation License (PEFNG策略执行Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.) license provides identity-based security for wired and wireless users through user roles andfirewallFirewall is a network security system used for preventing unauthorized access to or from a private network.规则。您可以使用captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.with or without thePEFNG策略执行Firewall. PEF also known as PEFNG provides context-based controls to enforce application-layer security and prioritization. The customers using Aruba mobility controllers can avail PEF features and services by obtaining a PEF license. PEF for VPN users—Customers with PEF for VPN license can apply firewall policies to the user traffic routed to a controller through a VPN tunnel.license installed in theMobility Master. There are differences in howcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.functions work and how you configurecaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users., depending on whether the license is installed.

Server Certificate

TheArubamanaged deviceis designed to provide secure services through the use ofdigital certificatesA digital certificate is an electronic document that uses a digital signature to bind a public key with an identity—information such as the name of a person or an organization, address, and so forth.. The server certificate is installed on themanaged devicethrough theMobility Master. A server certificate installed in themanaged deviceverifies the authenticity of themanaged devicesforcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users..

Arubamanaged deviceship with a demonstration self-signed certificate. Until you install a customer-specific server certificate in themanaged device, this demonstration self-signed certificate is used by default for all secureHTTPHypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands.connections such ascaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.. This self-signed certificate is included primarily for the purposes of feature demonstration and convenience and is not intended for long-term use in production networks. Users in a production environment are urged to obtain and install a certificate issued for their site or domain by a well-knownCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.. You can generate aCSRCertificate Signing Request. In PKI systems, a CSR is a message sent from an applicant to a CA to apply for a digital identity certificate.on themanaged deviceto submit to aCACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate..

Themanaged devicecan accept wild card server certificates (CNCommon Name. CN is the primary name used to identify a certificate.begins with an asterisk). If a wildcard certificate is uploaded (for example,CNCommon Name. CN is the primary name used to identify a certificate.=*.domain.com), the asterisk inCNCommon Name. CN is the primary name used to identify a certificate.is replaced with 'captiveportal-login' in order to derive theCaptive PortalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.logon pageURLUniform Resource Locator. URL is a global address used for locating web resources on the Internet.(captiveportal-login.domain.com).

Once you have imported a server certificate from theMobility Mastertomanaged device, you can select the certificate to be used withcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users..

Configuring Server Certificate

The following procedure describes how to select a certificate forcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.:

1.Login to theMobility Master.

2.In theManaged Networknode hierarchy, navigate to theConfiguration > System > More > Generalaccordion.

3.UnderCaptive Portal Certificate, select the name of the imported certificate from the drop-down list.

4.ClickSubmit.

5.ClickPending Changes.

6.In thePending Changeswindow, select the check box and clickDeploy changes.

The followingCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.commands are used to select a certificate forcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.:

(host) [mynode] #cd /md /

(host) [] (config) #web-server profile

(host) [] (Web Server Configuration) #captive-portal-cert

To specify a different server certificate forcaptive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users.with theCLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., use thenocommand to revert to the default certificatebeforeyou specify the new certificate:

(host) [] (config) #web-server profile

(host) [] (Web Server Configuration) #captive-portal-cert ServerCert1

(host) [] (Web Server Configuration) #no captive-portal-cert

(host) [] (Web Server Configuration) #captive-portal-cert ServerCert2