Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Guest wired Authentication with captive portal

  • 1.  Guest wired Authentication with captive portal

    Posted Mar 04, 2020 03:50 PM

    Hello guys,

    I have a question about guest users: a customer wants to configure wired authentication with a captive portal from ClearPass. I don't actually have any idea how to configure it, so I hope you can advise me.

    Thanks ^_^



  • 2.  RE: Guest wired Authentication with captive portal

    Posted Mar 04, 2020 03:55 PM
    What switch type?



  • 3.  RE: Guest wired Authentication with captive portal

    Posted Mar 04, 2020 04:03 PM

    Hi Victor, Aruba switch 2920



  • 4.  RE: Guest wired Authentication with captive portal

    Posted Mar 05, 2020 10:09 AM

    ACLs

    class ipv4 "ALLOW-CLEARPASS-ACL"
        10 match tcp 0.0.0.0 255.255.255.255 <CLEARPASS-IP> 0.0.0.0 eq 80
        20 match tcp 0.0.0.0 255.255.255.255 <CLEARPASS-IP> 0.0.0.0 eq 443
        exit
    class ipv4 "ALLOW-DNS-ACL"
        10 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 53
        exit
    class ipv4 "ALLOW-DHCP-ACL"
        10 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 67
        exit
    class ipv4 "ALLOW-HTTP_HTTPS-ACL"
        10 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 80
        20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 443
        exit

    Captive Portal Policy

    policy user "CAPTIVE_PORTAL-REDIRECT-POLICY"
        10 class ipv4 "ALLOW-DHCP-ACL" action permit
        20 class ipv4 "ALLOW-DNS-ACL" action permit
        30 class ipv4 "ALLOW-CLEARPASS-ACL" action permit
        40 class ipv4 "ALLOW-HTTP_HTTPS-ACL" action redirect captive-portal
        exit

    URL Profile

    aaa authentication captive-portal profile "CAPTIVE-PORTAL-PROFILE" url "<clearpass-url>"

    Captive Portal User-Role

    aaa authorization user-role name "CAPTIVE-PORTAL-ROLE"
        captive-portal-profile "CAPTIVE-PORTAL-PROFILE"
        policy "CAPTIVE_PORTAL-REDIRECT-POLICY"
        reauth-period 28800
        exit

    Make sure you return the "CAPTIVE-PORTAL-ROLE" from ClearPass
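
Added example (not part of the original post and not Aruba's own tooling): a small Python model of the redirect policy from post 4 that reports which action pre-authentication guest traffic receives, and shows why entry 30 has to come before entry 40. It assumes first-match evaluation and an implicit deny at the end of the user policy; `192.0.2.10` is a constructed placeholder for `<CLEARPASS-IP>`, and the function names are hypothetical.

```python
import ipaddress
import re

CLEARPASS_IP = "192.0.2.10"  # constructed placeholder for <CLEARPASS-IP>

# Classes and policy from the post above, with the placeholder substituted.
CONFIG = f'''
class ipv4 "ALLOW-CLEARPASS-ACL"
10 match tcp 0.0.0.0 255.255.255.255 {CLEARPASS_IP} 0.0.0.0 eq 80
20 match tcp 0.0.0.0 255.255.255.255 {CLEARPASS_IP} 0.0.0.0 eq 443
class ipv4 "ALLOW-DNS-ACL"
10 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 53
class ipv4 "ALLOW-DHCP-ACL"
10 match udp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 67
class ipv4 "ALLOW-HTTP_HTTPS-ACL"
10 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 80
20 match tcp 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 eq 443
policy user "CAPTIVE_PORTAL-REDIRECT-POLICY"
10 class ipv4 "ALLOW-DHCP-ACL" action permit
20 class ipv4 "ALLOW-DNS-ACL" action permit
30 class ipv4 "ALLOW-CLEARPASS-ACL" action permit
40 class ipv4 "ALLOW-HTTP_HTTPS-ACL" action redirect captive-portal
'''

def parse(config):
    """Return ({class: [(proto, dst, dst_wildcard, port)]}, [(class, action)])."""
    classes, policy, rules = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r'class ipv4 "([^"]+)"$', line):
            rules = classes.setdefault(m.group(1), [])
        elif m := re.match(r'\d+ match (tcp|udp) \S+ \S+ (\S+) (\S+) eq (\d+)$', line):
            rules.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
        elif m := re.match(r'\d+ class ipv4 "([^"]+)" action (.+)$', line):
            policy.append(m.groups())
    return classes, policy

def ip_matches(addr, base, wildcard):
    # Wildcard mask: bits set to 1 are ignored, so 0.0.0.0 means "this host only".
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def verdict(classes, policy, proto, dst, port):
    """First matching policy entry wins; source is 'any' in every rule here."""
    for name, action in policy:
        for p, base, wild, eq in classes[name]:
            if p == proto and eq == port and ip_matches(dst, base, wild):
                return action
    return "deny (assumed implicit deny)"
```

Evaluating the same classes with the policy entries in reverse order returns `redirect captive-portal` for HTTPS to the ClearPass address, so the portal itself would be caught by the redirect rule.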



  • 5.  RE: Guest wired Authentication with captive portal

    Posted Jun 16, 2022 10:58 AM
    Hi Victor,

    Is it possible to have a similar solution for a Juniper Networks EX switch? In my case, this guest access switch is going to be connected to ClearPass through an MPLS network. Can you advise if this is a feasible scenario? The external captive portal will be provided in the cloud.

    Kind Regards

    Juan