Wireless Access

Reply
Highlighted
Contributor I

APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Hi all,

 

I understand that the basic captive portal authentication isn't supported in Bridge Mode because the captive portal page is hosted by the controller. However should this work with ClearPass?

 

Many thanks


Accepted Solutions
Highlighted
Moderator

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Captive portal in general is not possible in bridge mode.


Thanks,
Tim


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

I don't think so.  The controller still needs to hijack the DNS and redirect the client to the portal, whether it is hosted internally or externally on Clearpass.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Highlighted
Moderator

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Captive portal in general is not possible in bridge mode.


Thanks,
Tim


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Contributor I

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Thank you guys! Much appriciated!

 

 

Highlighted
Occasional Contributor II

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Hi,

 

Do you mean when locally deployed, it is possible it just depends on your underlying network and connectivity.

Highlighted
Guru Elite

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Captive Portal is not possible when the forwarding mode is bridged.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Well seems like then the limitation is with the Aruba. I managed to get it working with aruba IAP's, juniper WLA in bridge mode, Meru AP's in bridge mode. Both the controller and the CPPM was located in a DC with bidging enabled in all these product vendors.

Highlighted
Moderator

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Yes, captive portal works in bridge on the Instant architecture. If you absolutely need bridge captive portal, Instant is the way to go. 

Best practice design with controllers is tunnel. 

Sent from Nine


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
MVP Expert

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Hi,

Yes it works on Instant architecture, but it also works with other vendors controllers and bridge architecture.
Big limitation on Aruba controllers :(

Regards,
Julián
Highlighted
Frequent Contributor II

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

This still appears to be a limitation? We rolled out ClearPass Guest last year, and just completed the rollout to all remote sites using Cisco APs in FlexConnect mode with local switching, and the Cisco APs handle the CoA captive portal redirect just fine. Now we are looking at Aruba wireless, but we won't be able to do the same thing?

 

The goal is to drop guest users onto local remote site VLANs to egress to the Internet from the local firewall rather than traversing VPN. Remote sites do not have their own controllers. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: