Security

Reply
Highlighted
New Contributor

Bounce switch port after wired captive portal login

We have configured a Captive Portal to be used for Wired Guest access with MAC Caching. When a new device (a device with no entry in the Endpoint Repository) connects to the network they are presented with the captive portal and clicking on the Connect button proceeds to the login page with a countdown of 30 seconds. During this time the switch port is bounced and after the countdown the guest is directed to the original page they requested. From this point on the guest is using MAC authentication which is valid until midnight. This is working well.

 

If the same guest returns the next day and plugs into the network they once again get the captive portal. This time when they click on the Connect button and get the login page, the switch port is not bounced and MAC authentication does not happen. At this point the guest receives the captive portal again (and again, and again). A manual bounce of the switch port or a disconnect and reconnect of the guest device does get the correct role and can use the network services.

 

Does anyone have any ideas or recommendations for solving the switch bounce problem. We are using CPPM v6.8.2 and Aruba 2930M switches using  WC.16.08 software.

Highlighted
MVP

Re: Bounce switch port after wired captive portal login

You sould be able to find some insight into the event by looking at the CPPM Access Tracker page for the login event and see what roles and enforcement policies are applying.

It can be confusing to work through what CPPM is 'thinking' but that's where the answer will be.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Highlighted
MVP Expert

Re: Bounce switch port after wired captive portal login

Did you enabled CoA?

radius-server host key
radius-server host dyn-authorization
radius-server host time-window plus-or-minus-time-window
radius-server host time-window 30 or 0

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Highlighted
New Contributor

Re: Bounce switch port after wired captive portal login

Hi Matthew,

 

Thank you for the reply. In both cases (bounced and no bounce) Access Tracker states the [ArubaOS Switching - Bounce Switch Port] is included in the Enforcement Profiles and 'Radius:Hewlett-Packard-Enterprise:HPE-Port-Bounce-Host 12' is listed in the Output.

 

However you may have pointed me in the right direction. On the successful logins when the bounce does not work there is an alert related to an SQL statement with the attributes for MAC caching.

 

Thank you.

Highlighted
New Contributor

Re: Bounce switch port after wired captive portal login

Hi Victor,

 

I went back to verify those switch options and they are configured as you noted (time window = 30).

 

Highlighted
MVP

Re: Bounce switch port after wired captive portal login

Check the service it hits and see if this results in ClearPass sending the desired Enforcement Profile. If not, check the attributes to understand why.

If you are sending the Disconnect and it is not triggered there is list of possibilities and would be best to figure it out with TAC.

Any reason you are using server initiated login for guest?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: