Security

Hello everyone,

I was wondering if it's possible to redirect an user to a captive portal after an user connects to an SSID and fails to perform an 802.1X authentication. 

I think no, but maybe I'm wrong.

Thank very much for your help !

Are you using this with machine + user authentication? You can certainly provide a different User Role if the User Authentication has failed. What is currently doing the authorisation for the client? Is it CPPM or a RADIUS server?

Hello ! Thank you very much for your reply. Today, there is nothing. I'm just wondering if there is a way to do it. 

The custumer would like one SSID for the employee. if the guest connect to the same SSID and can't perform a 802.1X authentication, then he's redirected to a captive portal. 

We'd have to assume that the RAIDUS server is sending a reject.

The problem is that the client will not be able to obtain an association to the SSID until some form of authentication has occurred. You would need a form of association in order to display the Captive Portal but this wouldn't have occurred you have not passed the authentication.  

I'd consider in the first case separating the Guest traffic entirely. To my knowledge even CPPM can't take action from a 802.1X deny/reject.

Can it be done with a wired connection? I am looking to do this with a Cisco 2960X switch and ClearPass 6.7.9.