Security

Hi,

Is it possible to delay a policy execution on CPPM or delay captive portal redirection on AOS ?

I have randomly some computers witch are going on a partner profile when starting up or getting out of standby mode is too long. 802.1X authentication seems executing to fast or not retrying enough to apply policy 1 and goes to policy 3.

My CPPM configuration :

Policy 1 : 802.X for Employee local USER-ROLE
Policy 2 : Mac authentication for printers and other assets
Policy 3 : Captive portal for Partner local USER-ROLE

Captive portal configuration on AOS Switch :

aaa authentication captive-portal enable
aaa authentication captive-portal profile "CAPTIVE_PORTAL" url "Personnal URL"

AAA port-access configuration on AOS Switch :

aaa port-access authenticator 1
aaa port-access authenticator 1 tx-period 10
aaa port-access authenticator 1 supplicant-timeout 10
aaa port-access authenticator 1 reauth-period 60
aaa port-access authenticator 1 client-limit 2
aaa port-access mac-based 1
aaa port-access mac-based 1 addr-limit 2
aaa port-access 1 auth-order authenticator mac-based
aaa port-access 1 auth-priority authenticator mac-based

Thank's for your help.

Can you try to take out the auth-order and auth-priority? By default, AOS-Switch does concurrent 802.1X and MAC and if there is a MAC auth first, then the client does an 802.1X, that will take over. In most cases, the default is fine and setting/changing auth-order is not needed.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jul 28, 2022 02:58 AM
From: Benoit DAVID
Subject: Need to delay CPPM Captive portal policy on 2530 and 2930 AOS

Hi,

Is it possible to delay a policy execution on CPPM or delay captive portal redirection on AOS ?

I have randomly some computers witch are going on a partner profile when starting up or getting out of standby mode is too long. 802.1X authentication seems executing to fast or not retrying enough to apply policy 1 and goes to policy 3.

My CPPM configuration :

Policy 1 : 802.X for Employee local USER-ROLE
Policy 2 : Mac authentication for printers and other assets
Policy 3 : Captive portal for Partner local USER-ROLE

Captive portal configuration on AOS Switch :

aaa authentication captive-portal enable
aaa authentication captive-portal profile "CAPTIVE_PORTAL" url "Personnal URL"

AAA port-access configuration on AOS Switch :

aaa port-access authenticator 1
aaa port-access authenticator 1 tx-period 10
aaa port-access authenticator 1 supplicant-timeout 10
aaa port-access authenticator 1 reauth-period 60
aaa port-access authenticator 1 client-limit 2
aaa port-access mac-based 1
aaa port-access mac-based 1 addr-limit 2
aaa port-access 1 auth-order authenticator mac-based
aaa port-access 1 auth-priority authenticator mac-based

Thank's for your help.