Security

Reply
New Contributor

Clearpass Captive-Portal with MAC-Auth - Configuration with Aruba 2530 Switch

Hi there

 

I want to make mac-auth on aruba 2530 switch, with fallback to captive portal.

 

I didn't find some detailed guide on how to accomplish that. I tried several ways, without success.

 

Is there some guide on how I accomplish that?

 

Thank you very much

Guru Elite

Re: Clearpass Captive-Portal with MAC-Auth - Configuration with Aruba 2530 Switch

Did you look at the ClearPass Solution Guide for Wired Policy Enforcement?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: Clearpass Captive-Portal with MAC-Auth - Configuration with Aruba 2530 Switch

Yes i did follow the guide - in my home lab i get it to work. I wanted to integrate this in the business network - but with the same config i didn't get it to work.

 

The setup is like this:

The Switch has configured a mgmt - VLAN (IP 172.31.20.20).

On this switch  I configured these settings: (192.168.99.5 is the ip of the clearpass appliance)

radius-server host 192.168.99.5 key "Secret"
radius-server host 192.168.99.5 dyn-authorization
radius-server host 192.168.99.5 time-window 0

 

aaa authentication port-access chap-radius
aaa authentication captive-portal enable
aaa port-access mac-based 8

 

Then the captive portal opens with some parameters (mac, ip, timestamp) in the url.

 

In the office i get the captive portal, but without these parameters. Then I want to login and the message appears that not the required parameters were found.

 

The switch at home and office is exact the same type and firmware. The only difference is that in the office the routing is much more complex - but all ports needed are open. I can also see the applied ACL on the switch.

 

Are there some requirements that have to been met on switch side so that everything works?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: