10-14-2015 06:41 PM
recently moved to Aruba (previously with Cisco/Meraki/Extreme)... anyway.
This is the goal i am trying to achieve:
- I am with my laptop and i see a Guest SSID
- i connect to the Guest SSID which is open and redirects me to a captive portal
- Captive Portal is configured to authenticate me towards my AD that acts as Radius (NPS)
- Captive portal authenticates me and i got assigned in another VLAN as configured, on another subnet
Now all this is OK. there is only one problem. Once i am in the guest-ssid i got an ip that allows me to get to the captive portal right? Then i authenticate and something on the network happens to the point that my packets then gets tagged. Obvisouly the new vlan MUST BE on another subnet. I dont believe that my laptop is aware of the change, as from its prospective, it still connected to the same SSID-Guest, so IT IS NOT GOING TO request another address from the DHCP server. As result, i authenticate and then i have no network connection. Obviously i cannot access my guests (there are plenty...) to refresh the ip...
Can you clarify?
Solved! Go to Solution.
10-14-2015 06:45 PM
10-14-2015 07:30 PM
thanks for the quick answer.
So basically you are saying that the SSID authentication will be based on 802.1x so this way i get access to the network and placed in the right vlan after authentication, that should fix the dhcp issue...
- I have an SSID which has 802.1x base authentication
- I bring my laptop, connect to the SSID that immediately will request user/pass
- user pass sits in AD. Based on AD group membership, the NPS give an attribute to the requesting AP to place that particoular endpoint to a particoular VLAN.
- I gain access to that VLAN and acquire an ip via dhcp in that vlan.
Would this work?
Is a kb article you know of that explains the process? i think it is a fairly common request.