Wireless Access

Reply
Frequent Contributor I
Posts: 89
Registered: ‎10-27-2013

Redirect to Guest SSID upon Auth failure

Hi All

 

Was wondering if it will be possible to redirect a client to a different SSID on a normal Aruba Controller setup without using a Clearpass?

I want to look at achieving something similar to when a controller blacklists a client upon Auth failure, but instead of blacklisting them, I want them redirected to my Guest SSID.

Is this possible without a clearpass or similar UAC?

MVP
Posts: 520
Registered: ‎05-11-2011

Re: Redirect to Guest SSID upon Auth failure

[ Edited ]

No, you can't trigger their devices to connect to a different SSID (even if you did have Clearpass) in this scenario. A reject from the Radius here will prevent the device from associating with the .1x SSIDso you can't place it in a captive portal role either.

 

That said - it is possible that the device itself might choose to connect to another SSID if it fails to connect to preferred one. That in turn require that the device has already been connected to the SSID before and wants to do it again "when all else fails"... Not something I would do tho - as a common routine for your users seems to be a better solution..

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
Frequent Contributor I
Posts: 89
Registered: ‎10-27-2013

Re: Redirect to Guest SSID upon Auth failure

[ Edited ]

Hmm - ok - So no SSID redirect..

 

Would it then be feasible or possible to drop a user who failed Authentication into a different Vlan on the same SSID? But then the assosciation reject from Radius wil still be an issue then I guess.

 

So in short - if Auth Fails you can't move the client to different role, vlan or anything of the likes?

Guru Elite
Posts: 8,631
Registered: ‎09-08-2010

Re: Redirect to Guest SSID upon Auth failure

Unfortunately you can't fail open with 802.1X. If authentication fails, that's the end of the road.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: