Security

Reply
Highlighted
New Contributor

Some (authenticated) 802.1x users are being redirected to a captive portal

A few of our wireless users are seeing this message throughout the day on our authenticated WiFi SSID. Does anyone know why this might be happening?

From a security point of view, if someone is successfully connected via 802.1x why would they suddenly be dropped into a logon role? The default role for our employee SSID is "authenticated".

Screen Shot 2019-07-02 at 1.42.02 PM.png

Highlighted
Guru Elite

Re: Some (authenticated) 802.1x users are being redirected to a captive portal

Find out what role those users are ending up in and why.

 

Type "show user-table ip <ip address of user>"

 

The output will tell you how the user obtained that vlan and role:

 

Name: employee IP: 192.168.1.188, MAC: 3c:28:6d:05:c2:c9, Age: 00:00:27
Role: authenticated (how: ROLE_DERIVATION_DOT1X), ACL: 88/0
Authentication: Yes, status: successful, method: 802.1x, protocol: EAP-PEAP, server: ClearPass
Authentication Servers: dot1x authserver: ClearPass, mac authserver:
Bandwidth = No Limit
Bandwidth = No Limit
Role Derivation: ROLE_DERIVATION_DOT1X
VLAN Derivation: Default VLAN


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: