234| Captive Port al Authentication DellPowerConnect W- Series ArubaOS 6.2 | User Guide

Policy Enfo rcement Firewall Ne xt Generatio n (PEFNG) License

You can usec aptive portal with or without the PEFNG license installed in the controller.The PEFNG license
provides identity-based security to wired and wireless clients through userroles and firewall rules.You must purchase
and installthe PE FNG licenseo nt heco ntrollerto use identity-based security features.
Thereare differences in how captive portal functions work and how you configure captive portal, dependingon
whetherthe license i s installed.Other parts of t his

chapter

describe how to configure captive portal in the base
operating system (without the PEFNG license) and with the license installed.

Controller Se rver Certificate

The Dell co ntrolleris designed to provide secure services through the use of digital certificates. A server certificate
installedi nt heco ntrollerverifies the authenticity of the controller for captive portal.
Dell controllersship with a demonstration digital certificate. Until you install a customer-specific server certificate in
the controller,this demonstration certificate is used by default for all secure HTTP connections such as capt ive
portal.This certificate is included primarily for the purposeso f featuredemonstration and convenience and is not
intendedfor long-term use in production networks. Users in a production environment are urged to obtain and install
a certificate issued for their site or domain by a well-knowncertificat e authority (CA). You can generatea
Certificate Signing Request(CSR) on the controller to submit to a CA. For informationo nhow to generate a CSR
and how to import the CA-signed certificate into the controller, see "ManagingCertificates" on page 635 in
ManagementAccess on page 625.
Onceyo u have imported a serverc ertificate into the controller, you can select the certificate to be used wit h captive
portal as described in the following sections.
To select a certificate for captive portal using the WebUI:
1. N avigate to the Configuration > Management > General page.
2. U nderCaptive Po rtalCertificat e,select t hename of the imported certificate from the drop-down list.
3. Click A pply.
To select a certificate for captive portal using the command-lineinterface, access the CLI in config mode and issue
the followingco mmands:
(host)(config) #web-server
captive-portal-cert <certificate>
To specify a different servercertificate for capti ve portalwi th the CLI, uset hen o commandto revert back to the
defaultcertificat e
before
you specify the new certificate:
(host)(config) #web-server
captive-portal-cert ServerCert1
no captive-portal-cert
captive-portal-cert ServerCert2
Configuring Captiv e Portal in the Base Operating Sys tem
The baseo peratingsystem (ArubaOS without any licenses) allows fullnetwork access to all userswho connect to an
ESSID, both guest and registered users. In the base operating system, you cannot configure or customize user roles;
this function is only available by installing the PEFNG license. Captive portal allows you to control or identify who
has access to network resources.
Whenyou c reate a captive portal profile in the base operating system, an implicit user role is automatically created
with same nameas t hecapti vepo rtalprofile. This implicit user role allows onlyD NSand DHCP t rafficbetween the
client and networkand directs all HTTP or HTTPS requests to the capti ve portal.You cannot directly modify t he