Occasional Contributor II
Posts: 37
Registered: ‎03-15-2011

captive portal + mac auth on single ssid

I have a number of devices that need to connect to my guest wireless network that don't use captive portal (ClearPass 6.2). There's not a large number so MAC auth is feasible. For a variety of reasons I can't use another SSID and cabling isn't an option.

What I need to achieve is MAC auth for those devices, but captive portal for everything else.

After a quick tinker, I don't think the default MAC auth with Instant is going to work as the MAC becomes the username and the remaining clients fail captive portal services.

I've also had a quick go with connection:client-mac-address (sorry, that's from memory) and radius:ietf-calling-station-id but I don't seem to get a match in Access Tracker.

Anyone done something similar and can point me in the right direction?

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: captive portal + mac auth on single ssid

In the service template use the guest MAC auth with MAC caching and then you can use the device repository as an auth source along with the guest user repository.

Then you can register those devices in the guest manager under create a device.
Thank You,
Troy

Occasional Contributor II
Posts: 37
Registered: ‎03-15-2011

Re: captive portal + mac auth on single ssid

Is there a way to not cache the guest users? Or at least present them with a login page? The use of the captive portal page is quite important in this solution.
Occasional Contributor II
Posts: 37
Registered: ‎03-15-2011

Re: captive portal + mac auth on single ssid

Perhaps I could use a static list instead of the device repository which guests will never match... might test that tomorrow
Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: captive portal + mac auth on single ssid

Set the cache setting to the same as the lifetime of the account in guest.

Or you can remove the guest user part of the service and allow only the device reg in the auth source.
Thank You,
Troy

Occasional Contributor II
Posts: 37
Registered: ‎03-15-2011

Re: captive portal + mac auth on single ssid

All sorted, I did have it the way you described and it is working now, I just had a browser that was getting stuck during the captive portal process. Binned the device, got a new one and it works.

Thanks!