I will give you an example of how I have a port set up. It is set up for both 802.1X and for MAC auth as a backup. You can change the auth order and priority to MAC auth over 802.1X if needed.
The vid values are the VLANs you assign as auth or unauth VLANs. You can have ClearPass override those with enforcement policies.
aaa server-group radius "ARUBA-RADIUS" host 192.168.1.199
aaa server-group radius "ARUBA-RADIUS" host 192.168.1.200
aaa accounting update periodic 3
aaa accounting network start-stop radius
aaa authentication port-access eap-radius server-group "ARUBA-RADIUS"
aaa authentication mac-based chap-radius server-group "ARUBA-RADIUS"
aaa port-access authenticator 1
aaa port-access authenticator 1 quiet-period 30
aaa port-access authenticator 1 tx-period 5
aaa port-access authenticator 1 supplicant-timeout 10
aaa port-access authenticator 1 max-requests 10
aaa port-access authenticator 1 auth-vid 10
aaa port-access authenticator 1 unauth-period 10
aaa port-access authenticator 1 logoff-period 862400
aaa port-access authenticator 1 client-limit 32
aaa port-access authenticator active
aaa port-access mac-based 1
aaa port-access mac-based 1 addr-limit 32
aaa port-access mac-based 1 addr-moves
aaa port-access mac-based 1 logoff-period 862400
aaa port-access mac-based 1 quiet-period 30
aaa port-access mac-based 1 max-requests 10
aaa port-access mac-based 1 auth-vid 10
aaa port-access mac-based 1 unauth-vid 200
aaa port-access 1 controlled-direction in
aaa port-access 1 auth-order authenticator mac-based
aaa port-access 1 auth-priority authenticator mac-based
------------------------------
Dustin Burns
Lead Mobility Engineer @Worldcom Exchange, Inc.
ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
If my post was useful accept solution and/or give kudos
------------------------------
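An added example, not part of the original post and not Aruba tooling: a small Python check over `aaa` lines like the ones in the post above. It flags a RADIUS server-group that is referenced without a host, 802.1X ports without `authenticator active`, an auth-order entry naming a method not enabled on the port, and auth-vid values that differ between methods. The function name `audit`, the single-port pattern and the sample text are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the switch lines quoted in the post above.
SAMPLE = """\
aaa server-group radius "ARUBA-RADIUS" host 192.168.1.199
aaa authentication port-access eap-radius server-group "ARUBA-RADIUS"
aaa authentication mac-based chap-radius server-group "ARUBA-RADIUS"
aaa port-access authenticator 1
aaa port-access authenticator 1 auth-vid 10
aaa port-access authenticator active
aaa port-access mac-based 1
aaa port-access mac-based 1 auth-vid 10
aaa port-access mac-based 1 unauth-vid 200
aaa port-access 1 auth-order authenticator mac-based
"""
PORT = r"([\w/]+)"  # assumption: single port ids such as 1, A1 or 1/1, not ranges

def audit(config):
    """Return a sorted list of structural findings for a port-access config."""
    groups, refs, active, order = set(), set(), False, {}
    methods = defaultdict(dict)  # port -> {method: {option: value}}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r'aaa server-group radius "([^"]+)" host \S+', line):
            groups.add(m[1])
        elif m := re.match(r'aaa authentication \S+ \S+ server-group "([^"]+)"', line):
            refs.add(m[1])
        elif line == "aaa port-access authenticator active":
            active = True
        elif m := re.match(rf"aaa port-access (authenticator|mac-based) {PORT}(?: (\S+)(?: (.+))?)?$", line):
            opts = methods[m[2]].setdefault(m[1], {})
            if m[3]:
                opts[m[3]] = m[4]
        elif m := re.match(rf"aaa port-access {PORT} auth-order (.+)$", line):
            order[m[1]] = m[2].split()  # methods in the order they are tried
    out = [f'server-group "{g}" is referenced but has no host' for g in refs - groups]
    if not active and any("authenticator" in v for v in methods.values()):
        out.append("802.1X ports configured but 'authenticator active' is missing")
    for port, listed in order.items():
        out += [f"port {port}: auth-order lists {x}, which is not enabled on the port"
                for x in listed if x not in methods.get(port, {})]
    for port, per in methods.items():
        vids = {k: o["auth-vid"] for k, o in per.items() if "auth-vid" in o}
        if len(set(vids.values())) > 1:
            out.append(f"port {port}: auth-vid differs between methods: {vids}")
    return sorted(out)

if __name__ == "__main__":
    print(audit(SAMPLE) or "no findings")
```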
Original Message:
Sent: Jan 21, 2022 04:19 PM
From: Amr Abo Hashima
Subject: Wired Captive portal
Hi Dustin,
Okay, I will test it, but for the port configuration, what should it be?
------------------------------
Amr Abo Hashima
Original Message:
Sent: Jan 21, 2022 03:41 PM
From: Dustin Burns
Subject: Wired Captive portal
Have you added the following?
aaa authentication captive-portal profile CAPTIVE_PORTAL-REDIRECT-POLICY url <URL for Captive Portal Page>
aaa authentication captive-portal enable
dot1x does not need to be enabled on the client for a captive portal login to work.
------------------------------
Original Message:
Sent: Jan 21, 2022 02:55 PM
From: Amr Abo Hashima
Subject: Wired Captive portal
Hi all,
I want to know how to configure a wired captive portal for Guest on Aruba 2930M switches and CPPM. The policy from CPPM will be web-based authentication,
but I don't know the configuration I should apply on the switch to redirect the guest to the CPPM page, like the aaa command to force the redirection and specify the ports for that role and the redirection profile and URL. I mean the switch configuration to do that.
Another question: can the switch direct the guest to the page without enabling 802.1X on the endpoint?
Thank you
------------------------------
Amr Abo Hashima
------------------------------