Does anyone have an end to end configuration guide to set up a captive portal with ClearPass for MAC authentication on an AOS-S switch. I am currently working on setting this up on a 2930F and have been able to get the CPPM certificate installed on the switch. We have the switch configured for port-access authenticator and port-access Mac-based and we are successfully getting both authentications to ClearPass. We are using DUR enforcement profiles for both 802.1x and MAC auth and those are all testing successful.
I am trying to set up a default enforcement that will send users to the captive portal and seem to be missing a piece. I am trying to understand what enforcement to send to the client when they first connect in order to get the captive portal page. Once they login, should the enforcement send a COA and then send the user role that allows the Internet access?
Any help on this part would be greatly appreciated.
check the AOS-S section of wired enforcement technote
I have been through the wired enforcement document but still feel like there are a couple pieces missing. I see that the ip classes are defined and added to the policy, and the policy has been applied to the user role named SPLASH. I can't quite figure out where to configure the actual URL that the client should be directed to?
Assuming you are doing downloadable User Role (DUR) , you need to create another DUR enforcement profile for guest-redirection
hope this helps
Hi, another way to do it if you don't send the captive portal profile from Clearpass would be like this:
### Define the captive portal in the switch assuming the FQDN is clearpass.domain.com and the page for login is: wired-guest.php ###
aaa authentication captive-portal enableaaa authentication captive-portal profile "captive-guest-redirect" url "https://clearpass.domain.com/guest/wired-guest.php"
aaa authorization user-role name SPLASH
I hope this helps
© Copyright 2024 Hewlett Packard Enterprise Development LPAll Rights Reserved.