Security

Hello,

I have a question and I hope to some help because I am new with clearpass. I have succeded to create a wired web authentication service witch cisco switch. So if dot1x authntication and mac authentication fails then the user is regarded to be  guest and is redirected to clearpass captive portal where is successfully authenticated and he receives a guest vlan with guest ip address.

In addition if instead of using guest credentials at captive portal he uses AD credentials then he receives the proper vlan (where the user belongs to) but the ip address of the user remains the same - quarantine/guest vlan ip address. It cannot  be changed. Do you have any idea how to overcome this issue?

the general approach here is for ClearPass to send back a different VLAN to the switch followed by a switch port bounce.
so you need to have a enforcement profile to send the appropriate VLAN. followed by a Cisco port bounce which is one of the default enforcement profiles that are available in clearpass.




------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Jul 05, 2022 05:26 PM
From: athanasios papakonstantinou
Subject: Clearpass Web Authentication with AD Credentials

Hello,

I have a question and I hope to some help because I am new with clearpass. I have succeded to create a wired web authentication service witch cisco switch. So if dot1x authntication and mac authentication fails then the user is regarded to be  guest and is redirected to clearpass captive portal where is successfully authenticated and he receives a guest vlan with guest ip address.

In addition if instead of using guest credentials at captive portal he uses AD credentials then he receives the proper vlan (where the user belongs to) but the ip address of the user remains the same - quarantine/guest vlan ip address. It cannot  be changed. Do you have any idea how to overcome this issue?