Occasional Contributor II

Captive Portal Session ACL - Logon User Role

Hello all, first, thanks for the excellent community!


I am trying to understand the purpose of the 'CaptivePortal' Session ACL that is assigned to the 'Logon' user role. 


I understand that the CaptivePortal ACL will redirect the client to the controller for captive portal functionality. So I understand why it would be assigned to a 'CaptivePortal-Guest-Logon' user role. I however dont know why it would be assigned to the 'Logon' role when this role typically wouldnt be used for Captive Portal. 


Secondly, since it is configured, why arent all my clients being sent to the Captive Portal when they are in the AAA Initial Role? I am glad they are not and 802.1x backend does process normally and they are properly placed in the 802.1x Authentication Default Role. 


I cannot figure out why normal (non-guest) clients are not being intercepted by this ACL and redireced to the Captive Portal. My assumption is that EAP processing is taking place while in the Intial Role which bypasses these ACL's therefor EAP traffic is not subject to the redirect. 


I am just trying to get a thorough understanding of the process. There is nothing wrong here! 


Thanks in advance!

Guru Elite

Re: Captive Portal Session ACL - Logon User Role

The initial role is not used with 802.1X. 

Sent from Nine

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Captive Portal Session ACL - Logon User Role

That makes sense. I was thinking all the roles were processed in order with each one over-riding the previous one and ending with the derivation rules if comfigured. I am glad I asked. Thanks for the quick reply!

Search Airheads
Showing results for 
Search instead for 
Did you mean: