ACLs

class ipv4 "ALLOW-CLEARPASS-ACL"
10 match tcp 0.0.0.0 255.255.255.255 <CLEARPASS-IP> 0.0.0.0 eq 80
20 match tcp 0.0.0.0 255.255.255.255 <CLEARPASS-IP> 0.0.0.0 eq 443

exit

class ipv4 "ALLOW-DNS-ACL"
10 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 53
exit
class ipv4 "ALLOW-DHCP-ACL"
10 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 67
exit

exit
class ipv4 "ALLOW-HTTP_HTTPS-ACL"
10 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 80
20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 443

exit

 

Captive Portal Policy
policy user "CAPTIVE_PORTAL-REDIRECT-POLICY"
10 class ipv4 "ALLOW-DHCP-ACL" action permit
20 class ipv4 "ALLOW-DNS-ACL" action permit
30 class ipv4 "ALLOW-CLEARPASS-ACL" action permit
40 class ipv4 "ALLOW-HTTP_HTTPS-ACL" action redirect captive-portal

exit