Wireless Access

Reply
Contributor I

APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Hi all,

 

I understand that the basic captive portal authentication isn't supported in Bridge Mode because the captive portal page is hosted by the controller. However should this work with ClearPass?

 

Many thanks

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

I don't think so.  The controller still needs to hijack the DNS and redirect the client to the portal, whether it is hosted internally or externally on Clearpass.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Guru Elite

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Captive portal in general is not possible in bridge mode.


Thanks,
Tim

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Thank you guys! Much appriciated!

 

 

Occasional Contributor II

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Hi,

 

Do you mean when locally deployed, it is possible it just depends on your underlying network and connectivity.

Guru Elite

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Captive Portal is not possible when the forwarding mode is bridged.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Well seems like then the limitation is with the Aruba. I managed to get it working with aruba IAP's, juniper WLA in bridge mode, Meru AP's in bridge mode. Both the controller and the CPPM was located in a DC with bidging enabled in all these product vendors.

Guru Elite

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Yes, captive portal works in bridge on the Instant architecture. If you absolutely need bridge captive portal, Instant is the way to go. 

Best practice design with controllers is tunnel. 

Sent from Nine

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

Hi,

Yes it works on Instant architecture, but it also works with other vendors controllers and bridge architecture.
Big limitation on Aruba controllers :(

Regards,
Julián
Contributor II

Re: APs in Bridge Mode and external server (ClearPass) for Captive Portal authentication?

This still appears to be a limitation? We rolled out ClearPass Guest last year, and just completed the rollout to all remote sites using Cisco APs in FlexConnect mode with local switching, and the Cisco APs handle the CoA captive portal redirect just fine. Now we are looking at Aruba wireless, but we won't be able to do the same thing?

 

The goal is to drop guest users onto local remote site VLANs to egress to the Internet from the local firewall rather than traversing VPN. Remote sites do not have their own controllers. 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: