Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Aruba Controller to Filter RADIUS Access-Reject reason, then show in the Captive Portal?

This thread has been viewed 2 times

  • 1.  Aruba Controller to Filter RADIUS Access-Reject reason, then show in the Captive Portal?

    Posted Jan 13, 2014 07:09 AM

    Is it possible for Aruba Controller to accomplish the following task:

     

    The scenario for RADIUS Access-Reject:

        Wireless users   --> (Aruba AP)  --> Controller --> Redirect to External Portal  --> User Portal Login -->

        Controller RADIUS request to RADIUS Server  --> RADIUS Access-Reject with Reply-Message="22" which means 

        "Duplicate User Login".

     

    Now, Aruba Controller will redirect client to external portal with parameter errmsg = "Authentication Failed", which is the same with

    wrong user name/password.

     

    Is it possible for Aruba Controller to send redirect URL parameter based on RADIUS reply message to distinguish wrong user/password from other reject reason such as duplicate login?

     

    ** I know the Controller itself can enable "Allow only one active user session" in captiveportal profile, but unfortunately it is

    required to enforce this check on the customer RADIUS, because it serves not only our Aruba Wireless system but other

    public wireless access by other vendors.