Captive portal is a Layer 3 (L3) authentication that takes place after all Layer 2 (L2) authentication has completed and the user has obtained an IP address. Depending on the configuration, the user must enter a username and password, or an email ID, to pass the authentication.
Captive portal can also be used for wired clients. To do so, we must untrust the wired port so that the traffic on it goes through authentication.
Environment: This article is valid for all Aruba controllers and code versions.
Network Topology: An Aruba controller with wired users.
Configure the following on the Aruba controller:
#config t
#interface g 1/0
#no trusted
Traffic on the untrusted port is authenticated according to the AAA profile mapped under aaa authentication wired:
#aaa authentication wired
#aaa profile wired captiveportal
We can also have authentication on a trunk port. In that case all the traffic goes through authentication, no matter which VLAN it belongs to.
#config t
#int g 1/0
#switchport mode trunk
#no trusted
If we want authentication only for one particular VLAN and not the other VLANs, we must do the following:
1. Make the port trusted.
2. Untrust the VLAN where we want the authentication to take place.
#config t
#int g 1/0
#switchport mode trunk
#trusted
#no trusted vlan 10
Now VLAN 10 traffic will go through authentication, and the rest of the traffic will be trusted and will not go through authentication.
To have authentication enabled on one VLAN on a trunk link:
1. Trust the port:
#config t
#int g 1/0
#switchport mode trunk
#trusted
2. Then untrust the VLAN where we want the authentication (captive portal) to take place.
#no trusted vlan 10
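The trust rules above can be checked against a saved configuration excerpt before a change is rolled out. The following Python script is an added example, not part of the original article or any Aruba tooling: it reads interface stanzas written in the article's command style and reports, per port and VLAN, whether wired traffic would go through authentication. The sample config is constructed, the function names are hypothetical, and the comma/range VLAN list handling is an assumption.

```python
import re

# Constructed sample written in the article's command style; not a real running-config.
SAMPLE = """\
interface g 1/0
 no trusted
interface g 1/1
 switchport mode trunk
 trusted
 no trusted vlan 10
interface g 1/2
 switchport mode trunk
 trusted
"""

def expand(spec):
    """Expand '10' or '10,20-22' into a set of VLAN IDs (list/range form is an assumption)."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(text):
    """Map each interface to its port trust state and its explicitly untrusted VLANs."""
    ports, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("#").strip()  # tolerate the article's '#' prompt prefix
        if m := re.match(r"int(?:erface)?\s+(.+)", line):
            cur = ports.setdefault(m.group(1), {"trusted": None, "untrusted_vlans": set()})
        elif cur is None:
            continue
        elif m := re.match(r"no trust(?:ed)? vlan (\S+)", line):
            cur["untrusted_vlans"] |= expand(m.group(1))
        elif re.fullmatch(r"no trust(?:ed)?", line):
            cur["trusted"] = False
        elif line == "trusted":
            cur["trusted"] = True
    return ports

def needs_auth(port, vlan):
    """True if traffic in this VLAN is authenticated; None if the excerpt never states port trust."""
    if port["trusted"] is None:
        return None
    return (not port["trusted"]) or vlan in port["untrusted_vlans"]

def report(text, vlans):
    """Per interface, per VLAN: does wired traffic go through authentication?"""
    return {name: {v: needs_auth(p, v) for v in vlans}
            for name, p in parse_ports(text).items()}

if __name__ == "__main__":
    for name, result in report(SAMPLE, [10, 20]).items():
        print(name, result)
```

A port that reports False for a VLAN expected to sit behind the captive portal is the case to investigate, since that traffic is trusted and skips authentication.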