Wireless Access

Reply
Highlighted
New Contributor

Captive portal bypass

I have the need to allow Amazon Echo devices to use guest wireless which is a Captive Portal, onto the Guest wireless without using the Captive Portal, is this possible? Has anyone accomplished this?

Highlighted
Super Contributor I

Re: Captive portal bypass

You could enable MAC Authentication on Guest Wireless. Then devices connecting with try and MAC-Auth first, and then perform Captive Portal.

If you are using ClearPass, you can create a new service to process MAC Authentications coming from the same SSID, and you can either use a static host list, or use the Guest Device Repository to provision the devices.

Dustin Burns
Senior Mobility and Access Engineer @WEI
ACMX#509 | ACCP | ACSA | ACDA | ACEA | CCNP | CCDP | CCNA Wireless

If my post address your queries, give kudos and accept as solution!
Highlighted
New Contributor

Re: Captive portal bypass

So in either of those scenarios I would need to know the mac addresses? or do you know if there is a way to profile echo devices.

Highlighted

Re: Captive portal bypass

ClearPass has a profiling capability within a service, that may be able to distinguish Echo's from other devices. I would connect an Echo and take a look at how it is profiled. I would also look at the Access Tracker details for the Echo to see if there are attributes that would allow you to distinguish them from other devices. If you are able to profile them, or find something unique about them, then you can use those attributes or fingerprint as logic in the enforcement policy that would result in a unique enforcement profile for the Echo devices.

 

I hope this helps,

David
Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book

--Give Kudos if you found something helpful, important, or cool.
--Problem Solved? Click "Accepted Solution" in a post.
Highlighted

Re: Captive portal bypass

I just found this in the fingerprint database on a ClearPass 6.8.4.120034 server.

 

I hope this helps,Screen Shot 2020-02-18 at 5.30.19 PM.png

David
Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book

--Give Kudos if you found something helpful, important, or cool.
--Problem Solved? Click "Accepted Solution" in a post.
Highlighted
New Contributor

Re: Captive portal bypass

So adding that as an additional authentication source is all I would do?

 

 

 

Highlighted

Re: Captive portal bypass

If you are validating each MAC address individually, you would use MAC authentication, if you are fingerprinting and using profiling, then you would enable profiling and authorization in the service and do authorization based on the fingerprint. I don't have any specific examples to show you but you should be able to find something online or maybe someone else has one that they can share with you.

 

I hope this helps,

David
Sr. Trainer and Author of "Understanding ArubaOS: Version 8.x" book

--Give Kudos if you found something helpful, important, or cool.
--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: