Security

Does anyone have an end to end configuration guide to set up a captive portal with ClearPass for MAC authentication on an AOS-S switch.  I am currently working on setting this up on a 2930F and have been able to get the CPPM certificate installed on the switch.  We have the switch configured for port-access authenticator and port-access Mac-based and we are successfully getting both authentications to ClearPass.  We are using DUR enforcement profiles for both 802.1x and MAC auth and those are all testing successful.  

I am trying to set up a default enforcement that will send users to the captive portal and seem to be missing a piece.  I am trying to understand what enforcement to send to the client when they first connect in order to get the captive portal page.  Once they login, should the enforcement send a COA and then send the user role that allows the Internet access?

Any help on this part would be greatly appreciated.

Thanks

check the AOS-S section of wired enforcement technote 

Does anyone have an end to end configuration guide to set up a captive portal with ClearPass for MAC authentication on an AOS-S switch.  I am currently working on setting this up on a 2930F and have been able to get the CPPM certificate installed on the switch.  We have the switch configured for port-access authenticator and port-access Mac-based and we are successfully getting both authentications to ClearPass.  We are using DUR enforcement profiles for both 802.1x and MAC auth and those are all testing successful.  

I am trying to set up a default enforcement that will send users to the captive portal and seem to be missing a piece.  I am trying to understand what enforcement to send to the client when they first connect in order to get the captive portal page.  Once they login, should the enforcement send a COA and then send the user role that allows the Internet access?

Any help on this part would be greatly appreciated.

Thanks

I have been through the wired enforcement document but still feel like there are a couple pieces missing.  I see that the ip classes are defined and added to the policy, and the policy has been applied to the user role named SPLASH.  I can't quite figure out where to configure the actual URL that the client should be directed to?

check the AOS-S section of wired enforcement technote 

Does anyone have an end to end configuration guide to set up a captive portal with ClearPass for MAC authentication on an AOS-S switch.  I am currently working on setting this up on a 2930F and have been able to get the CPPM certificate installed on the switch.  We have the switch configured for port-access authenticator and port-access Mac-based and we are successfully getting both authentications to ClearPass.  We are using DUR enforcement profiles for both 802.1x and MAC auth and those are all testing successful.  

I am trying to set up a default enforcement that will send users to the captive portal and seem to be missing a piece.  I am trying to understand what enforcement to send to the client when they first connect in order to get the captive portal page.  Once they login, should the enforcement send a COA and then send the user role that allows the Internet access?

Any help on this part would be greatly appreciated.

Thanks