07-23-2014 08:11 PM
Is it possible to use captive portal with dynamic vlan assignment on aruba controller? I've tried for 802.1x method, but not sure how to do it for captive portal. Need some advice and guidance on this.
07-25-2014 02:29 AM
You can, in theory, switch VLANs on a captive portal authentication. For Aruba, return the VLAN with the captive portal authentication from your authentication server.
However, realize that captive portal requires a valid IP address on the client. If you switch VLANs to a different VLAN before - and after authentication, your client will still have the same IP for the old VLAN, resulting in loss of connectivity.
Switching VLANs after clients received IP addresses is a problematic thing in general. Clients typically don't like VLAN switches by the network.
Some report that setting the DHCP lease-time very short (10-20 seconds) may work as the client will then renew the IP every time; however this approach is a bit flakey.
With Aruba WLAN, the better solution is to use different roles and put access-lists and QoS on those roles. The roles may switch and change the access while client remains in the same VLAN subnet; which is probably the result that you want to achieve.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.