Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Clearpass Captive-Portal with MAC-Auth - Configuration with Aruba 2530 Switch

  • 1.  Clearpass Captive-Portal with MAC-Auth - Configuration with Aruba 2530 Switch

    Posted Mar 07, 2018 03:53 PM

    Hi there

    I want to set up MAC-auth on an Aruba 2530 switch, with fallback to captive portal.

    I didn't find a detailed guide on how to accomplish that. I tried several ways, without success.

    Is there a guide on how I can accomplish that?

    Thank you very much



  • 2.  RE: Clearpass Captive-Portal with MAC-Auth - Configuration with Aruba 2530 Switch

    Posted Mar 07, 2018 04:02 PM
    Did you look at the ClearPass Solution Guide for Wired Policy Enforcement?


  • 3.  RE: Clearpass Captive-Portal with MAC-Auth - Configuration with Aruba 2530 Switch

    Posted Mar 08, 2018 04:31 PM

    Yes, I did follow the guide - in my home lab I get it to work. I wanted to integrate this in the business network - but with the same config I didn't get it to work.

    The setup is like this:

    The switch has a mgmt VLAN configured (IP 172.31.20.20).

    On this switch I configured these settings (192.168.99.5 is the IP of the ClearPass appliance):

    radius-server host 192.168.99.5 key "Secret"
    radius-server host 192.168.99.5 dyn-authorization
    radius-server host 192.168.99.5 time-window 0

    aaa authentication port-access chap-radius
    aaa authentication captive-portal enable
    aaa port-access mac-based 8

     

    Then the captive portal opens with some parameters (mac, ip, timestamp) in the URL.

    In the office I get the captive portal, but without these parameters. Then I want to log in and the message appears that the required parameters were not found.

    The switch at home and office is exactly the same type and firmware. The only difference is that in the office the routing is much more complex - but all ports needed are open. I can also see the applied ACL on the switch.

    Are there some requirements that have to be met on the switch side so that everything works?