Prerequisites for configuring Captive Portal with Aruba ClearPass

The following are the prerequisites to support Captive Portal (external Web Authentication) on RUCKUS ICX devices.

  • Aruba ClearPass Policy Manager or CPPM for creating and managing the security profiles used for authentication.
  • Aruba ClearPass Guest module for creating web logins pages for Guest access.

The parameters in the following table are mandatory while creating a guest or web login page on the Aruba ClearPass server.

For more details related to Web Logins page creation, refer to the "Configuration" section in the Aruba ClearPass Guest User Guide, release version 6.4.
Table 1. Mandatory parameters to be added on the Aruba ClearPass server
Fields Value Description
Submit URL

Use this syntax for a single ICX switch:

http://<IP address>/Forms/webauth_cpss

Use this syntax for more than one ICX switches:

{$switch_ip|default:"http://1.1.1.1/Forms/webauth_cpss"}

Specifies the URL of the NAS device's login form.
Note: The Submit URL value for a single ICX switch differs from the Submit URL value for multiple ICX switches.
Submit Method POST Specifies the method to use while submitting the login form to NAS.
Username Field webauth_user_id Specifies the name of the username field for the login form. This is passed to the NAS device when the form is submitted.
Password Field webauth_password Specifies the name of the password field for the login form. This is passed to the NAS device when the form is submitted.
Extra Fields url|hidden_URL_str!= Use this field when original client requested URL needs to be re-directed
URL Field hidden_URL_str Specifies the destination field for the NAS device. This field contains the default URL value.
Default URL Any URL

Example https://www.ruckuswireless.com or http://www.ruckuswireless.com

Specifies the destination URL to which the client is redirected after authentication.

Other vendor-specific details are selected by default.

The following figures show examples of the information required for Web Authentication Captive Portal Redirection.
Figure 1. Web Login configuration information
Figure 2. Web login configuration information (cont'd)