Great, turning off any other network interfaces to the laptop, was going to be my next troubleshooting step. Glad that was the fix.
Keep in mind "authenticated" is an allow-all role - may be worth exploring a new role if indeed these students are getting a bit crafty with your LAN.
------------------------------
If my post was useful, please Accept Solution and Give Kudos.
------------------------------
Zak Chalupka
Principal Engineer - HPE Aruba
ACDX | ACMP | ACSP | ACCP
wifizak@hpe.com------------------------------
Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
------------------------------
Original Message:
Sent: Feb 27, 2024 11:55 AM
From: OESTech
Subject: logon role pops up captive portal on 802.1 PSK Wi-Fi
My mistake. Authenticated role is fine. The reason it was working in my testing is because this laptop had other working SSID so it had an Internet connection. The correct role for initial role is Authenticated, or whatever you want the user to have after authentication. Thank you.
Original Message:
Sent: Feb 27, 2024 10:17 AM
From: OESTech
Subject: logon role pops up captive portal on 802.1 PSK Wi-Fi
Hi. Thanks for the reply. No, I've even set this Wi-Fi up with the wizard several times. I'm selecting "Employee" as the type.
I tried setting the initial role as "authenticated." That works, the captive portal window doesn't come up. But I also noticed I have full access even before I authenticate. I can connect to my new SSID, minimize the authentication window, and just access the Internet. I was hoping to plug up this hole. I work at a school- the students are basically hackers looking for vulnerabilities (I say this in a playful way, but it's kinda true.)
The "logon" role is built-in I believe. We might have made changes to it over the years. I'll experiment with creating a new initial role and see what I can find.
Original Message:
Sent: Feb 26, 2024 06:20 PM
From: 802.zak
Subject: logon role pops up captive portal on 802.1 PSK Wi-Fi
This is a WPA2 PSK Network? Did you maybe select "Guest" in the Wizard?
Either way - You should create a new role without the L3 Captive Portal Config or change the role to "authenticated" for a basic allow-all role.
------------------------------
If my post was useful, please Accept Solution and Give Kudos.
------------------------------
Zak Chalupka
Principal Engineer - HPE Aruba
ACDX | ACMP | ACSP | ACCP
wifizak@hpe.com
------------------------------
Ideas expressed here are solely my own and not necessarily that of HPE Aruba.
Original Message:
Sent: Feb 26, 2024 04:54 PM
From: OESTech
Subject: logon role pops up captive portal on 802.1 PSK Wi-Fi
Hi,
I'm using an Aruba wireless cluster on AOS 8.7.1.9.
I setup a simple 802.1-personal Wi-Fi for an event that is coming up on campus. I used the create WLAN wizard to set it up. The wizard setup an AAA profile with the initial role set to "logon"
When I try to connect to this new SSID, after I login I get a Clearpass captive portal window that reads, "Web authentication is disabled.". I looked at the logon role and it's set to "No captive portal."
Can anyone think of why it's launching the Clearpass captive portal window when I try to log in? If I close the captive portal window I can see my client is connected, but still in the "logon" role.
Thanks