Security

Reply
Frequent Contributor I
Posts: 63
Registered: ‎05-21-2012

Wired Captive Portal

I searched but didn't see that anyone had asked this previously. 

 

Is anyone using Clearpass Guest or CPPM with Captive Portal device registration for a Cisco Switching environment?  We're Aruba on Wireless and Cisco on Wired currently.  We're trying to replace our current Device registration system in our residential complex and would like to leverage our use of Clearpass Guest if possible.  

 

I'm currently running Clearpass Guest/Amigopod 3.9 and plan to move to 6.0, or likely 6.1, in the next few months.   Any direction would be greatly appreciated.  Thanks.

Guru Elite
Posts: 19,970
Registered: ‎03-29-2007

Re: Wired Captive Portal

I would terminate that wired Cisco VLAN into an untrusted interface of an Aruba Controller and take it from there.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: Wired Captive Portal

Have you had any luck with Cisco Wired Captive Portal & Clearpass? 

MVP
Posts: 1,110
Registered: ‎10-11-2011

Re: Wired Captive Portal

I've attempted local web auth (on a catalyst 2960) and it was painful, so I gave up on it.  I'm going to try Colin's suggestion as others have also pointed me in this direction.

=======================================
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users.
Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: Wired Captive Portal

Ok; I'm assuming the use of the onBoard piece can help and serve as a work-around. But that's $$$ to license.
MVP
Posts: 1,392
Registered: ‎11-30-2011

Re: Wired Captive Portal

don't see how onboard is going to help, you need something to redirect you, for example an aruba controller like cjospeh suggests or work with the device builtin webauth system.

Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: Wired Captive Portal

Hoping on-guard will configure 802.1x on device and once it reauthenticates. Device will have access. I've got the redirect working. Unless aruba guest can do cisco COA.
Guru Elite
Posts: 19,970
Registered: ‎03-29-2007

Re: Wired Captive Portal


sdr53 wrote:
Hoping on-guard will configure 802.1x on device and once it reauthenticates. Device will have access. I've got the redirect working. Unless aruba guest can do cisco COA.

Okay.  You can put a link to Quickconnect on your redirect page and that will configure the wired and/or wireless portion for your clients.  The difference between Onboarding and Quickconnect is that Onboarding distributes unique credentials in addition to configuring endpoint supplicants.  If you simply want users to have their endpoints configured and put in their username and password for authentication, quickconnect can do that on your redirect page by automatically detecting the OS and providing a link to configure it http://www.arubanetworks.com/pdf/products/DS_ClearPass_QuickConnect.pdf

 

Distributing unique credentials with PEAP or TLS = Onboard

Configuring Endpoints to use their OWN credentials = Quickconnect

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor II
Posts: 122
Registered: ‎01-19-2013

Re: Wired Captive Portal

If we can't terminate on a controller could we terminate on an aruba switch instead? We don't have an aruba controller at every location.
Search Airheads
Showing results for 
Search instead for 
Did you mean: