10-18-2016 01:19 PM
I am running into an issue where I have a successful authentication with clearpass guest, user connects to guest SSID --> redirect to captive portal --> user successfully is authenticated, assigned roles and enforcement policies. However, the enforcement policies access tracker shows that the output of the radius request is to switch user vlan to 400, when looking on the controller this doesn't happen the user stays in the default vlan.
10-18-2016 01:39 PM
That is because the client does not re-dhcp, because it cannot tell that the underlying vlan has changed. There are some ways to possibly do this like having a super-short DHCP lease (seconds), but most people abandon trying to do this with a captive portal. 802.1x on the other hand only assigns a vlan after authentication, so it is the perfect place to change or assign vlans after authentication.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
10-18-2016 03:27 PM
Thanks for the reply, my client is not in a hurry at the moment so I am going to explore the dhcp lease option with a few other things I have been labbing out. Will post follow up with results at a later date.