Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Guest Captive portal authentication with vlan assignment

This thread has been viewed 3 times

  • 1.  ClearPass Guest Captive portal authentication with vlan assignment

    Posted Oct 18, 2016 04:19 PM

    I am running into an issue where I have a successful authentication with clearpass guest, user connects to guest SSID --> redirect to captive portal --> user successfully is authenticated, assigned roles and enforcement policies.  However, the enforcement policies access tracker shows that the output of the radius request is to switch user vlan to 400, when looking on the controller this doesn't happen the user stays in the default vlan.



  • 2.  RE: ClearPass Guest Captive portal authentication with vlan assignment

    EMPLOYEE
    Posted Oct 18, 2016 04:40 PM

    That is because the client does not re-dhcp, because it cannot tell that the underlying vlan has changed.  There are some ways to possibly do this like having a super-short DHCP lease (seconds), but most people abandon trying to do this with a captive portal.  802.1x on the other hand only assigns a vlan after authentication, so it is the perfect place to change or assign vlans after authentication.



  • 3.  RE: ClearPass Guest Captive portal authentication with vlan assignment

    Posted Oct 18, 2016 06:27 PM

    Thanks for the reply, my client is not in a hurry at the moment so I am going to explore the dhcp lease option with a few other things I have been labbing out.  Will post follow up with results at a later date.



  • 4.  RE: ClearPass Guest Captive portal authentication with vlan assignment

    Posted Oct 20, 2017 11:40 AM

    Hi.jwilson.

     

     

    Could you share your ClearPass config to do the VLAN assignment please?