Controllerless Networks

 View Only
  • 1.  IAP 6.3 WPA2-Enterprise with Portal

    Posted Jun 25, 2014 05:37 AM



    Since 6.2 it should be possible to add a captive portal after 802.1x auth, see



    Doing this, the CP is displayed (with just terms & conditions "Accept" - which is, what we want), but the CP is displayed again and again. Sure, because i stay inside this Role which enforces Portal Page again and again.


    Do i need to assign another role based on the new CP-"authentication"? But how to do this?


    Something like 

    set-role ???? contains accepted "rule-allow-all" 



    Any suggestions?


    Kind Regards



  • 2.  RE: IAP 6.3 WPA2-Enterprise with Portal

    Posted Jun 25, 2014 06:23 AM
    You would need a policy engine (like Clearpass) to be able to track whether the user has accepted the terms before.

  • 3.  RE: IAP 6.3 WPA2-Enterprise with Portal

    Posted Jun 25, 2014 06:30 AM

    Hi Tim,


    thanks for your very fast response.


    But what's the sense that Instant supports internal splash screen as Role-Action ("Enforce Captive Portal") when it's not usable?


    Is there a way to examine all values usable for role assignment?


    Kind Regards from Munich


  • 4.  RE: IAP 6.3 WPA2-Enterprise with Portal

    Posted Jun 25, 2014 08:07 AM

    Maybe I misunderstood your question.


    Are you saying the issue is that users are presented the captive portal every time they associate and you'd like them to only accept it once? 




    Are you saying that the users remain in the captive portal redirect during their session and can't do anything else?

  • 5.  RE: IAP 6.3 WPA2-Enterprise with Portal

    Posted Jun 25, 2014 08:24 AM

    Hi Tim,


    yes, the users are remaining in the Captive Portal. 


    My current goal is jus to reach a recurring captive portal as splash screen after every WLAN-Logon (with WPA2-Enterprise)...


    That a permanently save of "License accepted" flags requires ClearPass  is clear for me.


    Kind Regards


  • 6.  RE: IAP 6.3 WPA2-Enterprise with Portal

    Posted Jun 25, 2014 08:29 AM
    We'll have to wait and see what Marcus says. As far as I know, you cannot trigger a role change from a captive portal after an 802.1X authentication without a policy server that can do a RADIUS CoA.

    The only time I've used a captive portal after an 802.1X authentication to dead-end a user and show them a "contact the help desk" style page.