Security

Reply
Contributor I
Posts: 26
Registered: ‎11-15-2013

Guest wifi network with mac auth and captive portal

I have a guest wireless with mac auth and captive portal.  Both are working great.  The mac auth is for gaming devices and the captive portal just asks for email address and gives them access for 24 hours. 

 

I did notice an issue on both UDR and MAC auth within the Guest network.  If a user is not within the UDR or has their MAC within Active Directory, they go into the guest role and their gaming device gets an IP but cannot connect out to the internet, due to the captive portal login and the Playstation 4 I'm using for testing doesn't support captive portal.

 

However, if I add the user to a UDR or MAC user in AD then clear the user by doing aaa user delete mac, have them reconnect and then they get the correct role, which in my case is the "gaming auth" role. 

 

Any idea on when a user connects to the guest logon before their account is setup on UDR or MAC Auth to reauthenticate them either by trying again to reconnect to the guest wireless or rebooting their device without having to delete their mac from the clients?

 

 

Guru Elite
Posts: 8,637
Registered: ‎09-08-2010

Re: Guest wifi network with mac auth and captive portal

It is only possible to dynamically clear sessions:

  1. Using a purpose-built policy engine like ClearPass
  2. Using the XML api to bump users using a custom application

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: Guest wifi network with mac auth and captive portal

Hi richreitenauer,

 

Let understand your requirement, do you want a solution where user should get internet  access after login through Captive portal ? or you want to implement Captive portal auth along with MAC auth ? is yes, you have a solution in Clear Pass, a feature called CP auth with MAC caching.

 

In CP with MAC caching, user will authenticate first time with CP and then CPPM will capture the MAC address of the client and store it the internal database. then onwards, user will go through MAC authentication.

 

Please let me know if you are looking for the similar solution.

 
Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Search Airheads
Showing results for 
Search instead for 
Did you mean: