Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Redirect to Guest SSID upon Auth failure

  • 1.  Redirect to Guest SSID upon Auth failure

    Posted Dec 22, 2015 01:49 AM

    Hi All

     

    Was wondering if it will be possible to redirect a client to a different SSID on a normal Aruba Controller setup without using a ClearPass?

    I want to look at achieving something similar to when a controller blacklists a client upon Auth failure, but instead of blacklisting them, I want them redirected to my Guest SSID.

    Is this possible without a ClearPass or similar UAC?



  • 2.  RE: Redirect to Guest SSID upon Auth failure
    Best Answer

    Posted Dec 22, 2015 02:17 AM

    No, you can't trigger their devices to connect to a different SSID (even if you did have ClearPass) in this scenario. A reject from the RADIUS here will prevent the device from associating with the .1x SSID, so you can't place it in a captive portal role either.

     

    That said - it is possible that the device itself might choose to connect to another SSID if it fails to connect to the preferred one. That in turn requires that the device has already been connected to the SSID before and wants to do it again "when all else fails"... Not something I would do though - as a common routine for your users seems to be a better solution.

     



  • 3.  RE: Redirect to Guest SSID upon Auth failure

    Posted Dec 22, 2015 03:54 AM

    Hmm - ok - So no SSID redirect..

     

    Would it then be feasible or possible to drop a user who failed Authentication into a different VLAN on the same SSID? But then the association reject from RADIUS will still be an issue then I guess.

     

    So in short - if Auth fails you can't move the client to a different role, VLAN or anything of the like?



  • 4.  RE: Redirect to Guest SSID upon Auth failure
    Best Answer

    EMPLOYEE
    Posted Dec 22, 2015 07:39 AM
    Unfortunately you can't fail open with 802.1X. If authentication fails, that's the end of the road.

    Sent from Nine