Hi Airheads,
Hope everyone's powering through this pandemic craziness ok. With the weather getting cold and no pandemic-compatible indoor activities to do this past Saturday, I ended up cranking out
Cisco ISE 3 + ArubaOS-Switch Wired Guest Captive Portal in my homelab, and it turned out just ok.
The reason I say it turned out "just ok" is if you print out the PDF of that lab, it's about 18 pages long, and a lot more complicated than I'd like. I'm sure it would have been a tiny bit smoother & straightforward with Clearpass instead of doing all the ISE stuff to support switches other than Cisco's. That being said, there's still all the aaa port-access configs & whatnot that must be perfectly applied to every access layer switch for the captive portal to work. Getting all of the configs applied to every single wired guest port on every single access switch isn't necessarily something I find enjoyable, even with the right automation tools.
I'd really like to do something more like
NetReg: Network DHCP Registration System where you have one box that's effectively a DHCP server handling all things captive portal, no need for complicated access switch configs! Only problem is that project is not maintained anymore, doesn't support HTTPS redirect, and I'm sure getting that old code to work on a newer Linux server would be a headache.
Then I stumbled upon
Configuring Wired Profile for Guest Access, Cisco Wireless Controller Configuration Guide, Release 7.6 - Configuring Wired Guest Access [Cisco Wireless LAN Controller Software], and
How to have captive portal for wired uses only on one vlan on a trunk link?. This got me thinking: "what if I get the cheapest Aruba InstantOn switch, Aruba Mobility Controller, or Cisco WLC, punt my wired guest networks into it at layer2, and just use that as a wired guest captive portal appliance?" Obviously there'd be licenses to buy and some router-on-a-stick style pain associated with doing this, but I'm curious if anyone's had a good experience running wired guest captive portals on wireless controllers? If so, I'm even more curious if you find it to be a more graceful solution than all the
Cisco ISE 3 + ArubaOS-Switch Wired Guest Captive Portal chaos.
Cheers,
Tom