Captive Portal Authentication

Captive portal is an authentication method supported by AOS. A captive portal is a web page that allows users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for guest users. Captive portal displays a web page, which requires users to either view and agree to an Acceptable Usage Policy, or enter the user ID and password. You can configure captive portal for guest users without authentication, or for registered users who must be authenticated on an external server.

Server Certificate

The HPE Aruba Networking gateway is designed to provide secure services through the use of digital certificates. A digital certificate is an electronic document that uses a digital signature to bind a public key with an identity (information such as the name of a person or an organization, address, and so forth). The server certificate is installed on these gateways through Classic Central. A server certificate installed on the gateways verifies the authenticity of the gateways for captive portal.

The gateways are shipped with a demo self-signed certificate, which should be used only for feature demonstration and is not intended for long-term use in production networks. Until you install a customer-specific server certificate on the gateways, the demo self-signed certificate is used by default for all secure HTTP connections such as captive portal. Users in a production environment must obtain and install a certificate issued for their site or domain by a well-known CA.

HTTP (Hypertext Transfer Protocol) is an application protocol to transfer data over the web. It defines how messages are formatted and transmitted, and the actions that web servers and browsers should take in response to various commands. A CA (Certificate Authority or Certification Authority) is the entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key.

The gateways can accept wildcard server certificates (the CN begins with an asterisk). The CN (Common Name) is the primary name used to identify a certificate. If a wildcard certificate is uploaded (for example, CN=*.domain.com), the asterisk in the CN is replaced with 'captiveportal-login' in order to derive the captive portal login page URL (captiveportal-login.domain.com). A URL (Uniform Resource Locator) is a global address used for locating web resources on the Internet.
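The following pre-deployment check is an added example, not HPE Aruba Networking code: it derives the login host from the CN as described above and flags a certificate that looks self-signed or whose DNS names do not cover that host. Assumptions: a non-wildcard CN is used as the host unchanged, "subject equals issuer" is only a heuristic for self-signed, and the function names and sample values are constructed.

```python
PORTAL_LABEL = "captiveportal-login"  # label that replaces the asterisk (from the page)


def derive_login_host(cn: str) -> str:
    """Return the captive portal login host for a server certificate CN."""
    cn = cn.strip().lower().rstrip(".")
    if cn.startswith("*."):
        return PORTAL_LABEL + cn[1:]
    if "*" in cn:
        raise ValueError(f"wildcard must be the whole leftmost label: {cn!r}")
    return cn  # assumption: non-wildcard CN is the login host as-is


def name_covers(pattern: str, host: str) -> bool:
    """Leftmost-label wildcard match, the way TLS clients compare names."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*' never spans more than one label
    if p[0] == "*":
        # conservative: refuse a wildcard directly under a top-level label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def audit(subject_cn: str, issuer_cn: str, dns_names: list) -> tuple:
    """Return (login_host, findings) for a certificate about to be uploaded."""
    host = derive_login_host(subject_cn)
    findings = []
    if subject_cn == issuer_cn:  # heuristic only, see lead-in
        findings.append("self-signed: subject and issuer are identical")
    if not any(name_covers(n, host) for n in dns_names):
        findings.append(f"no certificate DNS name covers {host}")
    return host, findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real gateway.
    print(audit("*.domain.com", "Constructed Issuing CA", ["*.domain.com"]))
    print(audit("demo.example", "demo.example", []))
```

Pass `dns_names` the subjectAltName DNS entries of the certificate, since current browsers match the host against those rather than the CN.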

Once the server certificate is imported to a gateway, you can select the certificate to be used with captive portal.

A VLAN (Virtual Local Area Network) is one of multiple distinct broadcast domains into which a single Layer 2 network may be partitioned. These domains are mutually isolated so that packets can only pass between them through one or more routers.

To configure VLANs, authentication servers, and server groups, see the following topics:

For information on how to configure captive profile authentication and attach that to a user role, see the following sections: