MikroTik RouterOS Captive Portal und Purple WiFi Integrationsleitfaden

Dieser technische Leitfaden bietet eine Schritt-für-Schritt-Anleitung zur Integration von MikroTik RouterOS in die WiFi-Plattform von Purple. Er behandelt die Guest WiFi Captive Portal-Konfiguration, die Staff WiFi 802.1X-Authentifizierung und Multi-Tenant-WiFi unter Verwendung von Private PSKs für eine dynamische VLAN-Segmentierung.

📖 4 Min. Lesezeit📝 872 Wörter🔧 2 ausgearbeitete Beispiele❓ 3 Übungsfragen📚 8 Schlüsseldefinitionen

Diesen Leitfaden anhören

Podcast-Transkript ansehen

MikroTik RouterOS Captive Portal and Purple WiFi Integration Guide - Podcast Script

[INTRO - approximately 1 minute]

Welcome. If you're managing WiFi infrastructure at a hotel, a retail chain, a stadium, or a conference centre, and you're running MikroTik RouterOS, this episode is for you.

I'm going to walk you through exactly how to integrate MikroTik's Hotspot Gateway with Purple's guest WiFi platform - covering three distinct use cases: guest WiFi with a captive portal and walled garden, secure staff WiFi using 802.1X, and multi-tenant network segregation using MikroTik's Private Pre-Shared Key feature.

This isn't a theoretical overview. By the end of this, you'll have the specific CLI commands, RADIUS attributes, and configuration logic you need to deploy or audit these setups yourself.

Let's get into it.

[TECHNICAL DEEP-DIVE - approximately 5 minutes]

Part one: Guest WiFi and the MikroTik captive portal.

MikroTik's Hotspot Gateway is the engine behind guest WiFi redirection on RouterOS. When a visitor connects to your guest SSID, the Hotspot Gateway intercepts their HTTP traffic and redirects them to a splash page - that's your captive portal. Purple hosts that splash page. Your MikroTik router acts as the Hotspot Gateway and RADIUS client. Purple's platform acts as the RADIUS server.

Here's how you set it up. First, run the Hotspot Setup wizard from the IP menu in Winbox or via the CLI. You'll assign it to your guest-facing interface - typically a VLAN interface or a bridge port. Set your local address pool, configure your DNS servers, and give the hotspot a DNS name. That DNS name is what guests see in their browser before they authenticate.

Once the wizard completes, you need to point the hotspot profile at Purple's RADIUS server. In the CLI, that looks like this:

/radius add service=hotspot address=YOUR-PURPLE-RADIUS-IP secret=YOUR-SHARED-SECRET authentication-port=1812 accounting-port=1813

Then enable RADIUS on the hotspot profile:

/ip hotspot profile set default use-radius=yes

Purple will provide you with the RADIUS IP address, the shared secret, and the splash page URL when you set up your venue in the Purple dashboard.

Now, the walled garden. This is critical. Before a guest authenticates, their device needs to be able to reach Purple's splash page and any OAuth providers you're using - Google, Facebook, and so on. Without walled garden entries, the redirect loop breaks and guests can't log in.

In RouterOS, you add walled garden entries under IP, Hotspot, Walled Garden. You need to add Purple's splash page domain, any social login domains, and any CDN hosts that serve the login page assets. Purple's documentation lists the exact domains for your region. Add them as IP entries or hostname entries - hostname entries are more resilient when IP addresses change.

The key RADIUS attributes Purple returns on a successful authentication include the session timeout, which controls how long a guest stays connected before being prompted again, and optionally a bandwidth rate limit using the Mikrotik-Rate-Limit vendor-specific attribute. This lets you enforce fair-use policies per guest session directly from the Purple dashboard without touching the router config.

Part two: Secure Staff WiFi with 802.1X.

This is where you move away from shared passwords entirely. IEEE 802.1X is the standard for port-based network access control. On a MikroTik wireless interface, you enable WPA2-Enterprise or WPA3-Enterprise authentication, which means the access point becomes an authenticator - it passes EAP credentials from the staff device to a RADIUS server, which validates them and returns an Access-Accept or Access-Reject.

Purple's Staff WiFi product integrates with Microsoft Entra ID, Okta, and Google Workspace as identity providers. When a staff member's device connects, it presents a certificate or username and password via PEAP-MSCHAPv2. Purple's RADIUS server validates that credential against your identity provider in real time.

On the MikroTik side, you configure the wireless security profile with authentication-types set to wpa2-eap, and you point the RADIUS client at Purple's server with service=wireless. In CAPsMAN - that's MikroTik's centralised access point management system - you set this at the security configuration level so it applies across all your managed access points consistently.

The RADIUS server can return the Mikrotik-Wireless-VLANID attribute to place authenticated staff on a specific VLAN. This is how you enforce network segmentation - finance staff land on VLAN 10, operations on VLAN 20, and so on - all from a single SSID, all driven by identity.

For automatic revocation - when a staff member leaves - Purple's integration with your identity provider means that when you disable the account in Entra ID or Okta, the next re-authentication attempt fails and the device is disconnected. No manual router config changes required.

Part three: Multi-Tenant WiFi with Private Pre-Shared Keys.

This is the most architecturally interesting of the three. Private PSK - sometimes called PPSK or iPSK - lets you run a single SSID where each tenant, resident, or device group connects with a unique passphrase, and each passphrase maps to a different VLAN.

On MikroTik, this works through MAC-based RADIUS authentication on the wireless interface. When a device connects, the access point sends the device's MAC address to the RADIUS server as the username. The RADIUS server - either MikroTik's own User Manager in RouterOS 7, or FreeRADIUS - looks up that MAC address and returns two vendor-specific attributes: Mikrotik-Wireless-Psk, which is the per-device passphrase, and Mikrotik-Wireless-VLANID, which places the device on the correct VLAN.

The wireless security profile needs radius-mac-authentication set to yes, and the RADIUS client needs service=wireless.

In practice, for a build-to-rent property with 200 apartments, you'd pre-register each resident's device MAC addresses in Purple's platform when they move in. Purple maps each MAC to a unique PSK and a VLAN corresponding to that apartment's network segment. The resident connects using their apartment passphrase. Their devices land on an isolated VLAN. Their neighbour's devices are on a completely separate VLAN. Neither can see the other's traffic.

For devices that don't support 802.1X - smart TVs, games consoles, IoT devices - this approach is the practical alternative. The device just needs to support WPA2-PSK, which everything does.

[IMPLEMENTATION RECOMMENDATIONS AND PITFALLS - approximately 2 minutes]

Let me give you the four things that most commonly go wrong in these deployments.

First: walled garden gaps. If Purple's splash page fails to load, check your walled garden entries. The most common culprit is a missing CDN domain or a social login redirect that isn't whitelisted. Use the MikroTik torch tool or packet sniffer to watch what DNS queries are being blocked before authentication.

Second: RADIUS timeout mismatches. MikroTik's default RADIUS timeout is 1,100 milliseconds. If Purple's RADIUS server is geographically distant or the network path has latency, you'll see intermittent authentication failures. Increase the timeout to 3,000 milliseconds and configure a backup RADIUS server for resilience.

Third: VLAN filtering not enabled on the bridge. Dynamic VLAN assignment via RADIUS only works if bridge VLAN filtering is enabled. This is a RouterOS requirement. If you're seeing all clients land on the default VLAN regardless of what RADIUS returns, check that vlan-filtering=yes is set on your bridge interface.

Fourth: CAPsMAN version mismatch. If you're running a mix of CAPsMAN version 2 and version 3 managed access points, VLAN tagging behaviour can differ. Standardise on RouterOS 7 with CAPsMAN version 3 across your AP estate before deploying dynamic VLAN features.

One architectural recommendation: run your guest, staff, and management traffic on separate VLANs from day one, even if you're not using all three Purple use cases immediately. Retrofitting VLAN segmentation onto a flat network is significantly more disruptive than building it in from the start.

[RAPID-FIRE Q AND A - approximately 1 minute]

Can I use MikroTik's built-in User Manager instead of an external RADIUS server?

Yes, for smaller deployments. User Manager in RouterOS 7 supports PEAP-MSCHAPv2 for wireless 802.1X and can return the Mikrotik-Wireless-VLANID attribute. For production deployments with Purple, you'll use Purple's hosted RADIUS infrastructure, which handles the identity provider integration and session management for you.

Does Purple support MikroTik CAPsMAN?

Yes. Purple is hardware-agnostic. The integration works at the RADIUS and hotspot redirect level, so it's compatible with standalone MikroTik access points and CAPsMAN-managed deployments equally.

What RouterOS version do I need?

RouterOS 7.x is recommended for all three use cases covered in this guide. Dynamic VLAN assignment via wireless RADIUS and the updated User Manager are RouterOS 7 features. RouterOS 6.x supports hotspot and basic RADIUS authentication but lacks some of the wireless VLAN capabilities.

[SUMMARY AND NEXT STEPS - approximately 1 minute]

To summarise: MikroTik RouterOS gives you three distinct integration points with Purple. The Hotspot Gateway handles guest WiFi redirection and captive portal authentication. The wireless 802.1X configuration with RADIUS handles secure staff WiFi with identity-based access. And MAC-based RADIUS authentication with Private PSK handles multi-tenant network segregation for residential and mixed-use properties.

The common thread across all three is RADIUS. Get your RADIUS client configuration right - correct IP, correct shared secret, correct service type, correct timeout - and the rest follows.

Your next steps: log into your Purple dashboard, navigate to the venue configuration, and grab your RADIUS credentials. Then follow the CLI commands in the written guide to configure your hotspot profile, your wireless security profile, and your walled garden entries. Test with a single access point before rolling out to your full estate.

If you're deploying this at scale - multiple sites, hundreds of access points - Purple's Professional Services team can support the rollout. Purple runs across 80,000 live venues globally, with 99.999% uptime, and is certified to ISO 27001, GDPR, and Cyber Essentials.

Thanks for listening. The full written guide with all CLI commands, RADIUS attribute tables, and worked examples is linked in the show notes.

Executive Summary

Die Integration von MikroTik RouterOS mit Purple schafft ein einheitliches, identitätsbasiertes Netzwerk für Gast-, Mitarbeiter- und Multi-Tenant-Umgebungen. Dieser Leitfaden liefert die spezifische Konfigurationslogik, die für die Bereitstellung des Cloud-Overlays von Purple auf MikroTik-Hardware erforderlich ist. Sie erfahren, wie Sie das RouterOS Hotspot Gateway für die Guest WiFi -Weiterleitung konfigurieren, IEEE 802.1X für sicheres Staff WiFi implementieren und Private Pre-Shared Keys (PPSK) zur Isolierung des Multi-Tenant-WiFi-Traffics bereitstellen.

Indem Sie diesen Bereitstellungsmodellen folgen, segmentieren Sie Ihr Netzwerk sicher und erfassen gleichzeitig First-Party-Daten für WiFi Analytics . Purple verarbeitete im Jahr 2024 440 Millionen Logins mit einer Betriebszeit von 99,999 %, wodurch sich diese Architektur hervorragend für Umgebungen mit hoher Dichte in den Bereichen Einzelhandel , Hotellerie und Transportwesen eignet.

Technical Deep-Dive

Guest WiFi: Captive Portal und Walled Garden

Das MikroTik Hotspot Gateway fängt nicht authentifizierten HTTP-Traffic ab und leitet ihn an das von Purple gehostete Captive Portal weiter. Purple fungiert als RADIUS-Server und übernimmt die Authentifizierung und das Sitzungsmanagement.

Um sicherzustellen, dass das Captive Portal korrekt geladen wird, müssen Sie einen Walled Garden konfigurieren. Dies ermöglicht vor der Authentifizierung den Zugriff auf die Splash-Page-Domains von Purple, Content Delivery Networks (CDNs) und OAuth-Anbieter (wie Google Workspace und Microsoft Entra ID). Ohne diese Einträge wird die Weiterleitungsschleife unterbrochen.

Nach erfolgreicher Authentifizierung gibt der RADIUS-Server von Purple Standardattribute zurück, einschließlich Session-Timeout zur Durchsetzung von Verbindungslimits und optional Mikrotik-Rate-Limit zur Durchsetzung von Bandbreitenbeschränkungen direkt über das Purple-Dashboard.

Staff WiFi: 802.1X-Authentifizierung

Für Staff WiFi eliminieren Sie gemeinsam genutzte Passwörter durch die Bereitstellung von IEEE 802.1X. Der MikroTik-Access-Point fungiert als Authentifikator und leitet EAP-Anmeldedaten an den RADIUS-Server von Purple weiter. Purple lässt sich nativ in Microsoft Entra ID, Okta und Google Workspace integrieren und validiert Anmeldedaten über PEAP-MSCHAPv2 oder EAP-TLS.

Wenn sich ein Mitarbeiter verbindet, kann der RADIUS-Server von Purple das Attribut Mikrotik-Wireless-VLANID zurückgeben. Dies weist den MikroTik-Router an, das authentifizierte Gerät in ein bestimmtes VLAN zu verschieben, was eine rollenbasierte Netzwerksegmentierung über eine einzige SSID ermöglicht. Für einen umfassenderen Überblick über Sicherheitsstandards lesen Sie bitte Enterprise WiFi Security: Ein kompletter Leitfaden für 2026 .

Multi-Tenant-WiFi: Private PSK (PPSK)

Multi-Tenant-Umgebungen erfordern eine sichere Isolierung ohne die Komplexität von 802.1X, da viele Endgeräte (wie Smart-TVs und Spielekonsolen) dies nicht unterstützen. MikroTik unterstützt Private PSK (PPSK) über MAC-basierte RADIUS-Authentifizierung.

Wenn sich ein Gerät mit der SSID verbindet, sendet der MikroTik-Router die MAC-Adresse des Geräts an Purple. Purple gibt das Attribut Mikrotik-Wireless-Psk (die eindeutige Passphrase für diesen Mandanten) und das Attribut Mikrotik-Wireless-VLANID zurück. Diese Architektur ermöglicht es Hunderten von Mandanten, sich eine einzige SSID zu teilen, während sie in völlig isolierten Netzwerkbereichen verbleiben.

Implementation Guide

1. Konfiguration des RADIUS-Clients

Definieren Sie zunächst Purple als RADIUS-Server in RouterOS. Dies gilt für alle drei Anwendungsfälle.

/radius
add address=YOUR-PURPLE-RADIUS-IP secret=YOUR-SHARED-SECRET service=hotspot,wireless authentication-port=1812 accounting-port=1813 timeout=3000ms

2. Guest WiFi Hotspot-Einrichtung

Führen Sie den Hotspot-Einrichtungsassistenten auf Ihrer Gast-VLAN-Schnittstelle aus und aktivieren Sie dann die RADIUS-Authentifizierung für das resultierende Profil.

/ip hotspot profile
set [ find default=yes ] use-radius=yes radius-accounting=yes

Konfigurieren Sie den Walled Garden, um den Zugriff auf die Infrastruktur von Purple zu ermöglichen.

/ip hotspot walled-garden
add action=allow dst-host=*purple.ai
add action=allow dst-host=*purpleportal.net

3. Staff WiFi 802.1X-Einrichtung

Konfigurieren Sie das Wireless-Sicherheitsprofil für die Verwendung von WPA2-Enterprise und verweisen Sie auf den RADIUS-Server.

/interface wireless security-profiles
add authentication-types=wpa2-eap eap-methods=passthrough mode=dynamic-keys name=staff-8021x radius-mac-authentication=no

Stellen Sie sicher, dass das Bridge-VLAN-Filtering aktiviert ist, um die dynamische VLAN-Zuweisung zu unterstützen.

/interface bridge
set bridge1 vlan-filtering=yes

4. Multi-Tenant-PPSK-Einrichtung

Aktivieren Sie für PPSK die MAC-Authentifizierung im Wireless-Sicherheitsprofil und konfigurieren Sie das MAC-Adressformat.

/interface wireless security-profiles
add authentication-types=wpa2-psk mode=dynamic-keys name=multi-tenant-ppsk radius-mac-authentication=yes radius-mac-format=XX:XX:XX:XX:XX:XX

Best Practices

Standardisierung auf RouterOS 7: Die dynamische VLAN-Zuweisung über Wireless-RADIUS ist in RouterOS 7 im Vergleich zu RouterOS 6 deutlich robuster.
RADIUS-Timeouts erhöhen: Der standardmäßige MikroTik-RADIUS-Timeout beträgt 1100 ms. Erhöhen Sie diesen auf 3000 ms, um sporadische Authentifizierungsfehler durch Netzwerklatenz zu verhindern.
Hostname-Einträge für Walled Garden verwenden: Verwenden Sie für Walled-Garden-Einträge immer dst-host anstelle von dst-address, da sich die IP-Adressen von Cloud-Infrastrukturen veränge häufig.
Bridge-VLAN-Filterung aktivieren: Die dynamische VLAN-Zuweisung via RADIUS (Mikrotik-Wireless-VLANID) erfordert vlan-filtering=yes auf der Bridge-Schnittstelle.

Fehlerbehebung & Risikominderung

Wenn das Captive Portal nicht geladen werden kann, ist der Walled Garden höchstwahrscheinlich unvollständig. Verwenden Sie das MikroTik Torch-Tool, um verworfene DNS-Anfragen von nicht authentifizierten Clients im Gast-VLAN zu überwachen. Fügen Sie die fehlenden Domains dem Walled Garden hinzu.

Wenn die Authentifizierung von 802.1X-Clients fehlschlägt, überprüfen Sie das Shared Secret und stellen Sie sicher, dass der RADIUS-Client mit service=wireless konfiguriert ist. Überprüfen Sie die Protokolle im Purple-Dashboard, um festzustellen, ob das Access-Reject von Purple oder Ihrem Identitätsanbieter stammt.

Wenn sich Clients authentifizieren, aber die falsche IP-Adresse erhalten, stellen Sie sicher, dass die Bridge-VLAN-Filterung aktiviert ist und der DHCP-Server korrekt an die dynamisch zugewiesene VLAN-Schnittstelle gebunden ist.

ROI & geschäftliche Auswirkungen

Die Bereitstellung von Purple in Ihrer MikroTik-Infrastruktur verwandelt eine Kostenstelle in eine Einnahmequelle. Durch die Erfassung von First-Party-Daten können Veranstaltungsorte detaillierte digitale Profile erstellen und Marketingkampagnen automatisieren. Beispielsweise erzielte Avanti West Coast eine Kapitalrendite (ROI) von 463 %, indem das Unternehmen von wiederkehrenden Reisenden und Upselling-Möglichkeiten profitierte.

Darüber hinaus reduziert identitätsgesteuertes Networking den IT-Overhead. Die Automatisierung des Onboardings und Offboardings für das Staff WiFi über Entra ID erübrigt die manuelle Passwortverwaltung, während PPSK für Multi-Tenant WiFi es Immobilienverwaltern ermöglicht, isolierte Netzwerke bereitzustellen, ohne dedizierte Hardware pro Einheit installieren zu müssen.

Schlüsseldefinitionen

Hotspot Gateway

A RouterOS feature that intercepts unauthenticated HTTP traffic and redirects it to a captive portal splash page.

Used to capture guest data and enforce terms of service before granting internet access.

Walled Garden

A list of allowed destinations that unauthenticated users can access.

Critical for allowing guests to reach the Purple splash page, CDNs, and OAuth providers (like Google) to complete the login process.

802.1X

An IEEE standard for port-based network access control that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN.

Used for secure Staff WiFi, allowing authentication via Entra ID or Okta instead of a shared password.

Private PSK (PPSK)

A security architecture where multiple unique Pre-Shared Keys are used on a single SSID, often tied to specific MAC addresses and VLANs.

Ideal for Multi-Tenant WiFi, providing isolated network bubbles for residents and their consumer devices.

RADIUS

Remote Authentication Dial-In User Service. A networking protocol that provides centralised Authentication, Authorization, and Accounting (AAA) management.

The core protocol linking MikroTik hardware to Purple's cloud platform for identity validation.

VLAN Filtering

A RouterOS bridge setting that enforces VLAN tagging and untagging rules on bridge ports.

Must be enabled for dynamic VLAN assignment via RADIUS to function correctly.

CAPsMAN

Controlled Access Point system Manager. MikroTik's centralised wireless management system.

Used to deploy consistent wireless security profiles and RADIUS settings across multiple access points.

EAP-TLS

Extensible Authentication Protocol - Transport Layer Security. A highly secure authentication method requiring client-side certificates.

Supported by Purple for zero-trust Staff WiFi deployments where passwordless authentication is required.

Ausgearbeitete Beispiele

A 200-room hotel needs to deploy secure Staff WiFi across their MikroTik access points. They want finance staff on VLAN 10 and operations staff on VLAN 20, using their existing Microsoft Entra ID credentials.

Integrate Purple with Microsoft Entra ID in the Purple dashboard.
Configure the MikroTik RADIUS client to point to Purple with service=wireless.
Create a MikroTik wireless security profile with authentication-types=wpa2-eap.
Enable vlan-filtering=yes on the MikroTik bridge.
In Purple, map the Entra ID 'Finance' group to return Mikrotik-Wireless-VLANID=10 and the 'Operations' group to return Mikrotik-Wireless-VLANID=20.

Kommentar des Prüfers: This approach uses IEEE 802.1X for secure, passwordless authentication. By relying on Entra ID groups and RADIUS attributes, the network dynamically segments traffic at the edge, reducing the attack surface and eliminating manual VLAN configuration on the router.

A build-to-rent property manager needs to provide isolated WiFi networks for 50 apartments using a single SSID broadcast from MikroTik CAPsMAN.

Configure the MikroTik wireless security profile for the SSID with authentication-types=wpa2-psk and radius-mac-authentication=yes.
Ensure the RADIUS client is configured with service=wireless pointing to Purple.
In the Purple dashboard, register the MAC addresses of the residents' devices.
Assign a unique PSK and VLAN ID to each apartment in Purple.
When a device connects, Purple returns the Mikrotik-Wireless-Psk and Mikrotik-Wireless-VLANID attributes, placing the device in its isolated network bubble.

Kommentar des Prüfers: This Private PSK (PPSK) architecture provides enterprise-grade isolation while supporting consumer devices that lack 802.1X capabilities. It scales efficiently and allows centralised management via Purple.

Übungsfragen

Q1. You have configured the MikroTik Hotspot Gateway and pointed it to Purple's RADIUS server. Guests connect to the SSID, but their browsers display a timeout error instead of the Purple splash page. What is the most likely configuration error?

Hinweis: Consider what must happen before the guest authenticates.

Musterlösung anzeigen

The walled garden is misconfigured or missing entries. Without allowing access to Purple's splash page domains and associated CDNs in the /ip hotspot walled-garden, the unauthenticated guest cannot load the login page, resulting in a timeout.

Q2. A retail chain wants to deploy Staff WiFi using 802.1X and Entra ID. They configure `authentication-types=wpa2-eap` and set up the RADIUS client. However, authentication fails. You check the RADIUS client configuration and see `service=hotspot`. How do you resolve this?

Hinweis: Different wireless authentication methods require different RADIUS service types in RouterOS.

Musterlösung anzeigen

Change the RADIUS client configuration to include service=wireless. The hotspot service type is only used for captive portal authentication. 802.1X and MAC authentication require the wireless service type.

Q3. You are deploying Multi-Tenant WiFi using Private PSKs. Purple successfully returns the `Mikrotik-Wireless-Psk` and `Mikrotik-Wireless-VLANID` attributes, and the device connects. However, the device receives an IP address from the default management subnet, not the isolated tenant subnet. What RouterOS setting is missing?

Hinweis: Dynamic VLAN assignment requires the bridge to process VLAN tags.

Musterlösung anzeigen

Bridge VLAN filtering is disabled. You must set vlan-filtering=yes on the bridge interface. Without this, the bridge ignores the dynamic VLAN tag assigned by RADIUS, and the traffic falls back to the default untagged PVID.

Weiterlesen in dieser Reihe

Alta Labs Integration mit Purple WiFi: Einrichtung und Captive Portal Konfiguration

Dieses technische Referenzhandbuch beschreibt die End-to-End-Integration von Alta Labs AP6 und AP6 Pro Access Points mit dem Cloud-basierten Captive Portal von Purple. Es beschreibt detailliert die Konfiguration externer Weiterleitungen, RADIUS-Authentifizierung, Walled-Garden-Anforderungen und Multi-Tenant-Segmentierung mithilfe von AltaPass Private Pre-Shared Keys. Betreiber von Veranstaltungsorten und IT-Teams erhalten einen reproduzierbaren Bereitstellungsleitfaden für das Gastgewerbe, den Einzelhandel und Smart-Office-Umgebungen.

Aruba ClearPass und Purple WiFi: Integrations- und Bereitstellungshandbuch

Dieser Leitfaden bietet eine vollständige technische Referenz für die Integration von HPE Aruba ClearPass Policy Manager mit der Purple WiFi-Plattform, einschließlich RADIUS-Proxy-Architektur, Captive Portal-Konfiguration und dynamischer VLAN-Rollen-Zuordnung. Er richtet sich an IT-Manager und Netzwerkarchitekten in Umgebungen mit starker Aruba-Präsenz, die ClearPass für NAC beibehalten und gleichzeitig Purple für die Gastauthentifizierung und -analyse einsetzen möchten. Die Implementierung dieser Integration schließt eine kritische Anbieterlücke und ermöglicht Sicherheit und Compliance auf Unternehmensniveau zusammen mit den marktführenden Besucheranalysefunktionen von Purple.

Aruba Central und Purple WiFi: Cloud-verwaltete Integration

Ein umfassender technischer Leitfaden zur Integration von Aruba Central mit der Cloud-basierten Gast-WiFi-Intelligenzplattform von Purple. Dieser Leitfaden behandelt die Architektur, die Schritt-für-Schritt-Konfiguration externer Captive Portals und RADIUS sowie Strategien für die Einführung an mehreren Standorten für IT-Teams von Unternehmen.