Module 10 Captive Portal.pdf - MBC 6.4 e-learning Module 10 Captive Portal Page | 1 MBC 6.4 e-learning Module 10 Captive Portal Page | 2 MBC 6.4

Module 10 Captive Portal.pdf - MBC 6.4 e-learning Module 10...

This preview shows page 1 - 8 out of 35 pages.

MBC 6.4 e-learning Module 10: Captive Portal Page | 1
Image of page 1
MBC 6.4 e-learning Module 10: Captive Portal Page | 2
Image of page 2
MBC 6.4 e-learning Module 10: Captive Portal Page | 3 This module covers: Aruba s Guest Access solution Captive Portal Process Captive Portal configuration steps Customizing Captive Portal Using WLAN Wizard Troubleshooting Captive Portal Guest Provisioning Account Guest Provisioning Customization
Image of page 3
MBC 6.4 e-learning Module 10: Captive Portal Page | 4
Image of page 4
MBC 6.4 e-learning Module 10: Captive Portal Page | 5 Aruba allows for a simple collapsed architecture that provides differentiated access based on user and device characteristics. This is the basis for a number of guest access features. Guest access is often configured as a software option. No new hardware is required for basic guest access beyond the Aruba Mobility Controller and Access Points used for the internal WLAN. In contrast to other vendors, where the LAN must be reconfigured to add a VLAN for guest access at every LAN switch where an AP connects, Aruba’s user -centric networks are added as an overlay on the existing wired LAN. Traffic from Access Points is directed via secure tunnels straight to the Mobility Controller where an integral stateful firewall maintains strict segregation between different traffic classes. Internal traffic is permitted to connect to the core LAN and corporate resources, while guest traffic travels through a secure tunnel to a Mobility Controller situated in the DMZ. From there it travels to the Internet. Alternatively, traffic can be routed at the AP to either the controller or directly to the Internet. This is known as split tunnel mode and can be configured for an AP group. Captive Portal login screens and web forms for administration are served directly from the Mobility Controller. For more sophisticated guest access solutions, Aruba’s ClearPass server can be used for credit card processing, access code authorization and property management systems.
Image of page 5
MBC 6.4 e-learning Module 10: Captive Portal Page | 6 In this design, Aruba provides DHCP on a separate network for guests and NATs them out of the Aruba LAN and onto the corporate LAN. You must decide if you wish to allow access to your internal DNS or restrict guest users to only using the external DNS. In this model, as far as addressing goes, it’s likely the guest would be allocated an address on a separate IP network than the rest of the company. The separate network would be configured per the VLAN and DHCP server that allocates addresses for the guests. At that point, you can NAT the address at the controller, or even better use the NAT capability on the Firewall as shown. More detail as well as instructions on how to setup firewall policies is available in the Lab.
Image of page 6
MBC 6.4 e-learning Module 10: Captive Portal Page | 7 In this example, security is more obvious and understood. It also necessitates a separate link for guests. Using a dedicated WAN connection provides more security in that it’s physically isolated from other network users. It also affords easier support and troubleshooting.
Image of page 7
Image of page 8

You've reached the end of your free preview.

Want to read all 35 pages?

  • Winter '18
  • mr. j
  • Login, module covers

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture