Contributor II

802.1X Wired "Guest" on Aruba Switch with Captive portal - Clearpass

I would like to know if it is feasible to do a 802.1X Wired Guest configuration with Captive Portal, that is to say that according to the configuration in the port I followed in the Wired Policy Enforcement, it first asks for username and password (without VLAN assignment or IP address) since I have it with User-role (DUR), there is way or that it is recommended that if the user does not exist or the credentials are errone you assign an "untrusted / Guest" vlan so that you can display a captive portal which is the "Guest" network with internet access, this by Wired in a network with Switch's Aruba and Clearpass; I already work with the 802.1X data network of employees, but I am planning the scenario where a "Guest" connects in a wired way.
Thank you.

Guru Elite

Re: 802.1X Wired "Guest" on Aruba Switch with Captive portal - Clearpass

A guest won't have credentials to use for 802.1X and will fall back to a captive portal.

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: 802.1X Wired "Guest" on Aruba Switch with Captive portal - Clearpass

I already read "Guide wired policy enforcement" and according to my scenario with Switch's Aruba using Downloadables Roles (DUR) for 802.1X Employee and MAC Auth., I can not make a user who does not authenticate in the network is assigned another Vlan, I tried it with "Port-Bounce" and put another Profile but it does not work, or I do not know which is the best option to do this because if the user does not authenticate, "Authentication error" appears and does not assign an address IP since authentication is denied; I have the services "Wired-802.1X_WebAuth_MAC-Auth";

I have enabled in the "Captive Portal" switch and this configuration per port.
tagged vlan 102 (Voice Vlan)
    untagged vlan 1
    aaa port-access authenticator
    aaa port-access authenticator tx-period 10
    aaa port-access authenticator supplicant-timeout 10
    aaa port-access authenticator client-limit 30
    aaa port-access mac-based
    aaa port-access mac-based addr-limit 100

I hope you can help me, thanks.

Search Airheads
Showing results for 
Search instead for 
Did you mean: