11-23-2016 07:39 AM - edited 11-23-2016 08:02 AM
--Credit to COLIN JOSEPH--
Reposting this as the initial header was mistyped and hard to find. This helped me out big time as Aruba support was telling me i needed to use CPPM and guest license to create this simple solution.
(1) Create a new Captive Portal Authentication Profile called "Redirect" with the default role as your 802.1x authentication role. Uncheck User Login, uncheck Guest Login, Uncheck Logout popup Window. Make sure Show Welcome Page is checked. Save the profile.
(2) Create a user-role called "Redirect" and make sure the Captiveportal firewall policy, as well as DNS, DHCP and ICMP policies are applied to it. Configure the captive portal authentication profile on this role as the "Redirect" Captive Portal Authentication profile that you configured above.
(3) Either create an HTML page or a jpeg that says "Thanks for logging in" and upload it to the controller under Configuration > Management > Captive Portal (Customize Login page or Upload Custom Pages) under the Redirect Captive Portal Profile you created in the first step.
(4) Edit your AAA profile for that SSID so that your default 802.1x role is the "Redirect" role that you created in step 1.
This is how it is supposed to work:
User authenticates successfully via 802.1x and ends up in the "Redirect" role. The Redirect role has the Captive Portal firewall policy and DHCP and DNS which allows to user to get an IP address, but redirects http and https traffic to the captive portal. The controller sees that the user is in the "Redirect" role when his http/https traffic hits the controler when the browser is opened and looks up the Captive Portal Authentication profile associated with the role. The Captive Portal Profile we created has no authentication, but is only there to display whatever "Welcome" page that we have configured, and then disappear. The user is then placed in the default Guest role of that captive portal profile.
Aruba Customer Engineering