Capture Web Portal without Aerohive ID Manager

  • 1
  • Question
  • Updated 3 years ago
Hello,

I want to know if it's possible to use a captive web portal without using Aerohive ID Manager and use local user base to authenticate users ?

Thanks in advance.

Best Regards,
Mathieu
Photo of Mathieu

Mathieu

  • 7 Posts
  • 0 Reply Likes

Posted 3 years ago

  • 1
Photo of ATSUSHI ASAMI

ATSUSHI ASAMI

  • 16 Posts
  • 4 Reply Likes
Hello Mathieu,

Yes, you can. Please follow the following steps:

1.  Create a Local User Group with User Type = RADIUS users - leave "User Profile Attribute" and "VLAN ID" blank
2.  Create Local Users which belong to the Local User Group
3.  Create an Aerohive AAA Server, in the Database settings check the Local Database and specif the  the Local User Group.
4.  Create an AAA Client which is pointing to the Aerohive AAA Server
5.  Create a Captive Web Portal with Registration type = User Authentication
6.  Create a Network Policy
7.  Create an SSID in which "Enable Captive Web Portal" is checked
8.  Choose the Captive Web Portal and the AAA Client for the "Authentication".
9.  Choose the default User Profile.
10. Save the Network Policy
11. Under a device configuration - choose the Network Policy and set the static IP address the AAA Client is pointing and choose the Aerohive AAA Server for Device RADIUS Service
12. Complete Update

Cheers,
Asami
Photo of Mathieu

Mathieu

  • 7 Posts
  • 0 Reply Likes
Thanks, I will try !

Could you just explain a little more step n°11 please ?
Photo of ATSUSHI ASAMI

ATSUSHI ASAMI

  • 16 Posts
  • 4 Reply Likes
Hello,

For instance if the IP address of your RADIUS AP is 192.168.77.130.



Please go "Configuration" >>> "All devices", then click the link of your AP.
Then setup the followings, then press "Save"



Please let me know if you have anything.

Cheers,
Asami
Photo of ATSUSHI ASAMI

ATSUSHI ASAMI

  • 16 Posts
  • 4 Reply Likes
Hello,

I forgot to mention one thing important.
"Authentication Method" in the CWP setting should be "MS-CHAP V2" when you use a RADIUS server on AP.



Cheers,
Asami
Photo of Mathieu

Mathieu

  • 7 Posts
  • 0 Reply Likes
Thanks, I'm trying to update my configuration.

When creating AAA client, is there any shared secret to enter ? 
Photo of ATSUSHI ASAMI

ATSUSHI ASAMI

  • 16 Posts
  • 4 Reply Likes
Hello,

You can enter any shared secret you like, but it should be the same between them:






Please rember that in this scenaio I am using only one AP - Host Name: AP130. IP address: 192.168.77.130.
The AP is acting as RADIUS server as well as a RADIUS client.

Cheers,
Asami
Photo of Mathieu

Mathieu

  • 7 Posts
  • 0 Reply Likes
Thank you very much, i'ts working like a charm !
Photo of Mathieu

Mathieu

  • 7 Posts
  • 0 Reply Likes
Just another question is there any way to create a profile on the Hive Manager who is online allowed to create local users ?

Thanks in advance.
Photo of ATSUSHI ASAMI

ATSUSHI ASAMI

  • 16 Posts
  • 4 Reply Likes
Hello,

Please go to "Home" >>> Administration >>> Admin Groups >>> New.

Only check "Local Users"



Then create an administratos whose Group Name is the Admin Group.



Cheers,
Asami
Photo of Mathieu

Mathieu

  • 7 Posts
  • 0 Reply Likes
Thank you very much ! A last question, is it possible to enable only on concurent login per username ?
Photo of ATSUSHI ASAMI

ATSUSHI ASAMI

  • 16 Posts
  • 4 Reply Likes
Hello,

Unfortunatellly it is NOT possible.
If you want to limit the number of concurrent users, you should use the private PSK instead of CWP with User Authentication.
The private PSK can tied to a MAC address - like CID.

Cheers,
Asami
Photo of Mathieu

Mathieu

  • 7 Posts
  • 0 Reply Likes
Hello,

Thanks for your reply !

Best Regards,
Mathieu Rochette