Security

Reply
Occasional Contributor II

Redirect to a captive portal after a 802.1X fail

Hello everyone,

 

I was wondering if it's possible to redirect an user to a captive portal after an user connects to an SSID and fails to perform an 802.1X authentication. 

 

I think no, but maybe I'm wrong.

 

 

Thank very much for your help !

 

Re: Redirect to a captive portal after a 802.1X fail

Are you using this with machine + user authentication? You can certainly provide a different User Role if the User Authentication has failed. What is currently doing the authorisation for the client? Is it CPPM or a RADIUS server?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Redirect to a captive portal after a 802.1X fail

Hello ! Thank you very much for your reply. Today, there is nothing. I'm just wondering if there is a way to do it. 

 

The custumer would like one SSID for the employee. if the guest connect to the same SSID and can't perform a 802.1X authentication, then he's redirected to a captive portal. 

 

Re: Redirect to a captive portal after a 802.1X fail

We'd have to assume that the RAIDUS server is sending a reject.

 

The problem is that the client will not be able to obtain an association to the SSID until some form of authentication has occurred. You would need a form of association in order to display the Captive Portal but this wouldn't have occurred you have not passed the authentication.  

 

I'd consider in the first case separating the Guest traffic entirely. To my knowledge even CPPM can't take action from a 802.1X deny/reject.

 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Guru Elite

Re: Redirect to a captive portal after a 802.1X fail

for wireless, no you cannot.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: