Wired Intelligent Edge

 View Only
last person joined: 10 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Wired Captive portal

This thread has been viewed 20 times
  • 1.  Wired Captive portal

    Posted Jan 21, 2022 02:56 PM
      |   view attached
    hi all

    I want to know how to configure a wired captive portal for Guest on Aruba Switches 2930M and CPPM, the policy from cppm will be web-based authentication ,
    but i don't know the configuration I should apply on the switch to redirect the guest to the Cppm page like the aaa command to force the redirection and specify the ports for that role and the redirection profile and URL, I mean the switch configuration to do that.

    and another question: can the switch direct the guest to the page without enabling 802.1x on the endpoint?

    thank you

    ------------------------------
    Amr Abo Hashima
    ------------------------------

    Attachment(s)

    txt
    wired-cap2.txt   878 B 1 version


  • 2.  RE: Wired Captive portal

    MVP GURU
    Posted Jan 21, 2022 03:42 PM
    have you added The following?

    aaa authentication captive-portal profile CAPTIVE_PORTAL-REDIRECT-POLICY url <URL for Captive Portal Page>
    aaa authentication captive-portal enable


    dot1x does not need to be enabled on the client for a captive portal login to work.

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Wired Captive portal

    Posted Jan 21, 2022 04:20 PM
    hi dustin

    okay i will test it but for the port configuration what should it be ?

    ------------------------------
    Amr Abo Hashima
    ------------------------------



  • 4.  RE: Wired Captive portal

    MVP GURU
    Posted Jan 21, 2022 04:28 PM
    I will give you an example of how I have a port set up. It is set up for both 802.1x, and for mac-auth as a backup. You can change the auth order and priority to macauth over 802.1x if needed.
    vid are vlans you assign for auth or unauth vlans. You can have clearpass override those with enforcement policies.

    aaa server-group radius "ARUBA-RADIUS" host 192.168.1.199
    aaa server-group radius "ARUBA-RADIUS" host 192.168.1.200
    aaa accounting update periodic 3
    aaa accounting network start-stop radius
    aaa authentication port-access eap-radius server-group "ARUBA-RADIUS"
    aaa authentication mac-based chap-radius server-group "ARUBA-RADIUS"
    aaa port-access authenticator 1
    aaa port-access authenticator 1 quiet-period 30
    aaa port-access authenticator 1 tx-period 5
    aaa port-access authenticator 1 supplicant-timeout 10
    aaa port-access authenticator 1 max-requests 10
    aaa port-access authenticator 1 auth-vid 10
    aaa port-access authenticator 1 unauth-period 10
    aaa port-access authenticator 1 logoff-period 862400
    aaa port-access authenticator 1 client-limit 32
    aaa port-access authenticator active
    aaa port-access mac-based 1
    aaa port-access mac-based 1 addr-limit 32
    aaa port-access mac-based 1 addr-moves
    aaa port-access mac-based 1 logoff-period 862400
    aaa port-access mac-based 1 quiet-period 30
    aaa port-access mac-based 1 max-requests 10
    aaa port-access mac-based 1 auth-vid 10
    aaa port-access mac-based 1 unauth-vid 200
    aaa port-access 1 controlled-direction in
    aaa port-access 1 auth-order authenticator mac-based
    aaa port-access 1 auth-priority authenticator mac-based

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 5.  RE: Wired Captive portal

    Posted Jan 21, 2022 04:45 PM
    thank you Dustin I will test it

    ------------------------------
    Amr Abo Hashima
    ------------------------------



  • 6.  RE: Wired Captive portal

    Posted Jan 24, 2022 09:43 AM
    The user with a Web browser (HTTP client) to see a special Web page before being granted normal Internet access.

    ------------------------------
    Nash Ondricka
    ------------------------------