Security

I believe this is possible, but am stuck on how to configure it.  Here is what I want to happen and how I have it configured.

I have a WLAN of "Contractors" on vlan 60, when people join the SSID they get the captivate portal just fine, and access is restricted like I want.

vlan 60 along with all the other VLAN's on the Aruba controller are trunked to my Cisco 6509 core switch.

I would like to make a port on the switch to also be vlan 60 and then route all its traffic thru the Aruba controller so I get the same feeling as if I was joined via wireless. But wired of course.

I have the dhcp helper configured on the core to use Aruba as the DHCP server. and the client that is plugged into the switchport on vlan 60 gets all required information from Aruba. (gateway, DNS, IP, etc)

The client that is plugged in, connects to the network just fine and routes traffic, but never gets the captivate portal, and is not being filtered by the Aruba firewall... looks like the controller is just passing traffic thru no questions asked... Any ideas?

Regards,

Eric

Hi Eric,

What you are describing is consistent with the port (or VLAN in your case) being 'trusted' at present.

You need to change the configuration of the controller to 'untrust' VLAN 60 so then all traffic coming in from the contractors will be subject to authentication (aka captive portal)

Perfect that makes sense!  Thanks.