Occasional Contributor II

Captive portal and L3 VLAN

We're trying to integrate our MDM solution with our existing ClearPass-authenticated wireless environment. The idea is that when any device connects to our SSID, if it is not MDM-enabled (as identified by ClearPass), it is given a user role which forces redirection to a captive portal where it can be enrolled with the MDM solution.

The complication is that our wireless VLANs are not configured locally on the controller, but on the switches. I understand that the (captive portal) VLAN where devices can enroll should be configured locally on the controller. However, for devices that are enrolled, we wish them to go straight to a VLAN that is not configured on the controller. Is this possible?

Guru Elite

Re: Captive portal and L3 VLAN

If you're using bridge mode, captive portal is not possible.


Thanks,
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Captive portal and L3 VLAN

The VAP is configured in split tunnel mode already. My question is whether I can achieve this captive portal user role for non-MDM-enrolled devices without having the VLANs configured on the controllers? The reason I ask is that each of our remote locations uses the same VLAN ID, but has different subnets as defined on the local switches.

I should point out that I'm not using the captive portal for authentication, but for redirection to the MDM enrollment page.

Guru Elite

Re: Captive portal and L3 VLAN

Yes. You'd use named VLANs and return the VLAN name.


Thanks,
Tim
