Security

 View Only
last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass Hotspot Capability

This thread has been viewed 29 times
  • 1.  Clearpass Hotspot Capability

    Posted Jan 18, 2023 11:22 AM
    Hi all,

    It's my first post :)

    I really need to know that can we redirect older switches which do not understand  "Captive-Portal-URL" link to Clearpass self-registration page ?

    Other NAC solutions can do that like L2-Hotspot devices. You just assign client a specific vlan and in this vlan NAC solution just intervene thus redirect to their captive portal login page.

    ------------------------------
    ACMX #1361 | AASX
    ------------------------------


  • 2.  RE: Clearpass Hotspot Capability

    MVP GURU
    Posted Jan 18, 2023 11:34 AM
    What kind of switches?

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 3.  RE: Clearpass Hotspot Capability

    Posted Jan 18, 2023 01:45 PM
    Hi Dustin,

    In recent scenario, customer has 2910 Al switch, before that it was 2848. I am talking about non-AOS S and non-AOS CX.

    But my question is can Clearpass act as L2-Hotspot and redirect non-capable switches to registration page. If it does, it will be game changer for me thus customer can't complain that other NAC solutions can do that.


  • 4.  RE: Clearpass Hotspot Capability

    MVP GURU
    Posted Jan 18, 2023 01:58 PM
    ClearPass would not be the device to re-direct the device to a portal. That is on the switch by either using role assignment with a captive portal ACL, just ACLs, or some other type of redirection method. Basically you need something that will take the web traffic from the device, and destination NAT it to the ClearPass hosted page. The login will be entered on the ClearPass hosted page, but then sent to the NAD, and the NAD will send the credentials back to ClearPass to hit the login service.

    ------------------------------
    Dustin Burns

    Lead Mobility Engineer @Worldcom Exchange, Inc.

    ACCX 1271| ACMX 509| ACSP | ACDA | MVP Guru 2022-2023
    If my post was useful accept solution and/or give kudos
    ------------------------------



  • 5.  RE: Clearpass Hotspot Capability

    Posted Jan 18, 2023 02:27 PM
    Hi Dustin,

    Don't mind that I said Clearpass redirects client traffic, it was mistelling. 

    I know how to configure AOS-S and AOS-CX switches to redirect web page(user-role,policy,acl etc.) but do not know how to configure Procurve switches like 2910 Al and 2848. I couldn't find in access security guides.

    Could you tell me is there a way to redirect with older switches ? 

    ACMX #1361 | AASX | ACCP