06-09-2014 07:58 PM
Is there any way to use captive portal in addition to 802.1x? We are using dot1x authentication for our staff and students' BYOD. Can we present a captive portal 802.1x authentication?
We are using rule derivatives on the Aruba controller to assign roles and VLANs to staff and to students. We are planning to have a user ID and password for guests to first do 802.1x authentication and then be presented with a captive portal to authenticate. Or, in another case, we have some kiosk machines which students can use to check their timetable. We want those machines to be connected using 802.1x so that they remain on the network, but user access can only be set using captive portal.
06-09-2014 08:00 PM
06-09-2014 10:46 PM - edited 06-09-2014 10:50 PM
802.1x = L2 auth
Captive = L3 auth
(Thanks to cjoseph)
After successfully authenticating with the Captive Portal, the user role is then the "Default Role" specified in the Captive Portal authentication profile; the AAA profile is not in play when Captive Portal authentication is being done.
When you are doing 802.1x in the AAA profile, the 802.1x profile is what a user gets, UNLESS you have a server derivation rule in the server group that overrides this (like if your RADIUS server returned an attribute). You are doing the right thing; you do not need to enforce machine authentication.
06-17-2014 02:30 PM
After successful authentication through 802.1x, the client gets a role, assigned through server derivative rules, which will hijack the client's session and present it with the captive portal. When the client browses, he is forwarded to the captive portal, and after successful captive portal authentication nothing happens. It sits there, and on the controller the role doesn't change.
I am close, but I don't know why the role doesn't change on the controller after successful authentication on the captive portal.
06-17-2014 02:34 PM
06-17-2014 02:40 PM
What are you trying to achieve with this? Why are you authenticating them twice?
06-17-2014 02:52 PM
We have several kiosk machines which we want to be connected to our wireless network. When a student browses to a website, he or she should be presented with the captive portal to log in with their respective username and password. When the machine is shut down, their session will be terminated on the controller, and hence when another user logs in, he should be presented with the captive portal again. But on the back end, the machines should be connected to our 802.1x-protected SSID.
Is it possible to achieve this? I don't want to have multiple SSIDs like different for 802.1x and one for captive portal.
06-17-2014 04:23 PM
Why bother with 802.1x? Just have it use a Captive Portal... OR, if it is a domain machine, just make the user log in to Windows with 802.1x credentials...
Aruba Customer Engineering