Security

Reply
Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

802.1x and captive portal

Hi,

 

Is there anyway to use captive portal in addition to 802.1x? We are using dot 1x authentication for our staff and students BYOD. Can we present a captive portal 802.1x authentication?

 

We are using rule derivatives on aruba controller to assign role and vlans to staff and to students. We are planning to have a userid and password for guest to first do 802.1x authentication and then be presented with a captive portal to authenticate. Or in other case we have some kiosk machine which students can use to check their time table. We want those machines to be connected using 802.1x so that they remain on network but user access can only be set using captive portal.

 

thanks

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: 802.1x and captive portal

You can use a captive portal for informational screens after an 802.1X authentication but you can't really perform a web auth after 1X

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: 802.1x and captive portal

[ Edited ]

 

802.1x = L2 auth 

Captive = L3 auth

 

(Thanks to cjoseph)

 

After successfully authenticating with the Captive Portal, the user role is then the "Default Role" specified in the Captive Portal authentication profile; the AAA profile is not in play when Captive Portal authentication is being done.

When you are doing 802.1x in the AAA profile, the 802.1x profile is what a user gets, UNLESS you have a server derivation rule in the server group that overrides this (like if your radius server returned an attribute). You are doing the right thing; you do not need enforce machine authentication.

 

read here:

http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/802-1x-with-Internal-Captive-Portal/td-p/12156

 

 

 

 

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

Re: 802.1x and captive portal

After successful authentication through 802.1x client gets a role which is assigned through server derivative rules which will hijack the client's session and present with captive portal. When client browse, he is forwarded to captive portal and after successful captive portal authentication nothing happens. It sits there and on controller the role doesn't change.

 

I am close but I don't know why after successful authentication on captive portal the role doesn't change on controller.

 

Any advice?

Aruba
Posts: 1,542
Registered: ‎06-12-2012

Re: 802.1x and captive portal

Is this cppm or controller captive portal
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

Re: 802.1x and captive portal

Actually it is an external captive portal and it works just fine with other captive portal SSID. It is the 802.1x SSID I am having trouble with.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: 802.1x and captive portal

I don’t think you can do a captive portal authentication after an 802.1X auth because the user’s state is already authenticated.

What are you trying to achieve with this? Why are you authenticating them twice?

Sent from Surface Pro

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

Re: 802.1x and captive portal

We have several kiosk machines which we want to be connected to our wireless network. Suppose when a student browse to website he or she should be presented with captive portal to login with their respective usernames and password. When the machine is shutdown there session will be terminated on controller and hence when another user logs in, he should be presented with captive portal again. But on the back end machines should be connected to our 802.1x protected SSID.

 

Is it possible to achieve this? I don't want to have multiple SSIDs like different for 802.1x and one for captive portal.

Guru Elite
Posts: 21,025
Registered: ‎03-29-2007

Re: 802.1x and captive portal

Why bother with 802.1x?  Just have it use a Captive Portal....  OR, if it is a domain machine, just make the user login to windows with 802.1x credentials...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 72
Registered: ‎03-21-2013

Re: 802.1x and captive portal

But then I have to create one more SSID with captive portal authentication, isn't it?

 

At the moment we have two 802.1x SSIDs.

Search Airheads
Showing results for 
Search instead for 
Did you mean: