Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Captive portal and L3 VLAN

  • 1.  Captive portal and L3 VLAN

    Posted Mar 30, 2015 06:04 AM

    We're trying to integrate our MDM solution with our existing ClearPass-authenticated wireless environment. The idea is that when any device connects to our SSID, if it is not MDM-enabled (as identified by ClearPass), it is given a user role which forces redirection to a captive portal where it can be enrolled with the MDM solution.

    The complication is that our wireless VLANs are not configured locally on the controller, but on the switches. I understand that the (captive portal) VLAN where devices can enroll, should be configured locally on the controller. However, for devices that are enrolled, we wish them to go straight to a VLAN that is not configured on the controller. Is this possible?



  • 2.  RE: Captive portal and L3 VLAN

    EMPLOYEE
    Posted Mar 30, 2015 07:00 AM
    If you're using bridge mode, captive portal is not possible.


    Thanks,
    Tim


  • 3.  RE: Captive portal and L3 VLAN

    Posted Mar 30, 2015 07:46 AM

    The VAP is configured in split tunnel mode already. My question is whether I can achieve this captive portal user role for non-MDM-enrolled devices without having the VLANs configured on the controllers? The reason I ask is that each of our remote locations uses the same VLAN ID, but has different subnets as defined on the local switches.

    I should point out that I'm not using the captive portal for authentication, but for redirection to the MDM enrollment page.



  • 4.  RE: Captive portal and L3 VLAN

    EMPLOYEE
    Posted Mar 30, 2015 07:49 AM
    Yes. You'd use named VLANs and return the VLAN name.


    Thanks,
    Tim