Controllerless Networks

Reply
Highlighted
MVP Expert

Re: IAP-115 External captive portal

This example is using Guest with Mac Auth and you can configure Mac caching using the ClearPass templates 

 

Captive Portal Profile:

wlan external-captive-portal CPPM_GUEST-CP-PROFILE
server <ClearPass IP or DNS Name>
port 443
url "/guest/guest_registration_page.php"
auth-text ""
https

 

Roles:

wlan access-rule GUEST-ROLE
index 9
rule any any match udp 53 53 permit
rule any any match udp 67 68 permit
rule any any match tcp 80 80 permit
rule any any match tcp 443 443 permit

 

wlan access-rule GUEST-CP-ROLE
index 16
captive-portal external profile CPPM_GUEST-CP-PROFILE
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit

 

SSID Profile

wlan ssid-profile <ssid-name/profile>
disable
index 2
type guest
essid iap_cppm_guest_ssid
opmode opensystem
max-authentication-failures 0
vlan 101
auth-server <CPPM-SERVER>
set-role-pre-auth GUEST-CP-ROLE
set-role-mac-auth GUEST-ROLE
rf-band all
captive-portal external profile CPPM_GUEST-CP-PROFILE
mac-authentication
mac-authentication-delimiter :
hide-ssid
dtim-period 1
inactivity-timeout 1000
broadcast-filter arp
radius-accounting
radius-interim-accounting-interval 15
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64

 

Whitelist ClearPass servers:

lan walled-garden
white-list "<ClearPass server IP"

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: