Security

Reply
Occasional Contributor II
Posts: 17
Registered: ‎09-03-2014

Captive portal and L3 VLAN

We're trying to integrate our MDM solution with our existing ClearPass-authenticated wireless environment.  The idea is that when any device connects to our SSID, if it is not MDM-enabled (as identified by ClearPass), it is given a user role which forces redirection to a captive portal where it can be enrolled with the MDM solution.

 

The complication is that our wireless VLANs are not configured locally on the controller, but on the switches.  I understand that the (captive portal) VLAN where devices can enroll, should be configured locally on the controller.  However, for devices that are enrolled, we wish them to go straight to a VLAN that is not configured on the controller.  Is this possible?

Guru Elite
Posts: 8,448
Registered: ‎09-08-2010

Re: Captive portal and L3 VLAN

If you're using bridge mode, captive portal is not possible.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 17
Registered: ‎09-03-2014

Re: Captive portal and L3 VLAN

The VAP is configured in split tunnel mode already.  My question is whether I can achieve this captive portal user role for non-MDM-enrolled devices without having the VLANs configured on the controllers?  The reason I ask is that each of our remote locations use the same VLAN ID, but have different subnets as defined on the local switches.

 

I should point at that I'm not using the captive portal for authentication, but for redirection to MDM enrollment page.

Guru Elite
Posts: 8,448
Registered: ‎09-08-2010

Re: Captive portal and L3 VLAN

Yes. You'd use names VLANs and return the VLAN name.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: