Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and aruba switch captive portal redirect

  • 1.  ClearPass and aruba switch captive portal redirect

    Posted Feb 15, 2020 09:02 AM

    Hello,

     

    I have configured a VLAN for wired guests on a L3 core switch (2930M 16.08). Port-access (EAP or MAC) authentication for an unknown MAC or user pushes a guest policy with portal redirection. I have an IP address on my guest VLAN and guest PCs are correctly redirected to the CPPM Guest portal.

    Everything works great.

     

    But, as my L3 core switch has several IP interfaces (user VLAN, server VLAN, etc.), I think it would be secure to disable L3 routing on the guest VLAN interface, to prevent nasty guests from changing their default route from my firewall DMZ IP (managing guest access to the Internet) to the switch guest VLAN interface IP to get access to my whole LAN.

     

    When I add the command "disable layer3" in interface vlan guest, I can't get redirection to my captive portal anymore.

     

    Is there a special command to disable routing while keeping the redirect working?

     

    Regards

     



  • 2.  RE: ClearPass and aruba switch captive portal redirect
    Best Answer

    Posted Feb 15, 2020 05:45 PM

    Have you thought about using user roles with a guest acl? I think that suits better. 



  • 3.  RE: ClearPass and aruba switch captive portal redirect

    Posted Feb 17, 2020 08:37 AM

    Hi,

     

    Yes, I finally added an ACL to block RFC1918 for guests.

    I was thinking it could be possible to isolate a VLAN from routing with another, like on ArubaOS Wi-Fi controllers.

    Maybe one day...

     

    Thank you
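
An added example, not part of the thread and not HPE Aruba code: a first-match ACL model that checks a guest ACL of the kind described above, verifying that the RFC1918 denies do not cut off the captive portal and that no permit placed ahead of them exposes a private range. All addresses, ports and the rule list are constructed, and it assumes the ClearPass portal itself sits on a private address.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PORTAL = "10.10.50.20"  # constructed address standing in for the ClearPass portal

# Constructed guest ACL: (action, protocol, destination, dst port or None = any).
# First match wins; anything unmatched hits the implicit deny.
GUEST_ACL = [
    ("permit", "udp", "0.0.0.0/0", 67),        # DHCP
    ("permit", "udp", "10.10.50.53/32", 53),   # DNS resolver (constructed)
    ("permit", "tcp", PORTAL + "/32", 443),    # captive portal, before the denies
    ("deny", "ip", "10.0.0.0/8", None),
    ("deny", "ip", "172.16.0.0/12", None),
    ("deny", "ip", "192.168.0.0/16", None),
    ("permit", "ip", "0.0.0.0/0", None),       # Internet
]
EXPECTED = set(GUEST_ACL[:3])  # private-range permits we intend to have

def evaluate(acl, proto, dst, port):
    """Return the action of the first rule matching this packet."""
    addr = ipaddress.ip_address(dst)
    for action, rproto, net, rport in acl:
        if (rproto in ("ip", proto) and addr in ipaddress.ip_network(net)
                and rport in (None, port)):
            return action
    return "deny"

def audit(acl, expected, portal=PORTAL):
    """List ways the ACL breaks the redirect or leaks private ranges."""
    findings, denied = [], []
    if evaluate(acl, "tcp", portal, 443) != "permit":
        findings.append("portal blocked: redirect will fail")
    for rule in acl:
        action, proto, net, port = rule
        net = ipaddress.ip_network(net)
        if action == "deny":
            if proto == "ip":
                denied.append(net)
            continue
        if rule in expected:
            continue
        # A permit that overlaps a private block not yet fully denied is a leak.
        for priv in RFC1918:
            if net.overlaps(priv) and not any(priv.subnet_of(d) for d in denied):
                findings.append(f"rule {rule} lets guests reach {priv}")
    return findings
```
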