Captive Portal for ClearPass

The Captive Portal feature allows the support of the ClearPass Policy Manager (CPPM) into the ArubaOS-Switch product line. The switch provides configuration to allow you to enable or disable the Captive Portal feature. By default, Captive Portal is disabled to avoid impacting existing installations as this feature is mutually exclusive with the following web-based authentication mechanisms: Web Authentication, EWA, MAFR, and BYOD Redirect.

Captive Portal is user-based, rather than port or VLAN-based, therefore the configuration is on a switch global basis. ArubaOS-Switch supports the following authentication types on the switch with RADIUS for Captive Portal:

  • Media Access Control (MAC)

  • 802.1X

Once you enable Captive Portal, the redirect functionality is triggered only if a redirect URL attribute is provided as part of the RADIUS Access-Accept response from an authentication request of type 802.1X or MAC. The redirect enables the client to self-register or directly login with valid credentials via the CPPM. Upon subsequent re-authentication, it provides access to the network per the CPPM configured policies that are communicated via the RADIUS attributes.

The redirect feature offers:

  • Client self-registration

  • Client direct login with valid credentials via CPPM Captive Portal

  • On-boarding

  • Ability to quarantine devices to remedy their status

More information
HPE Switch Software Advanced Traffic Management Guide
ArubaOS User Guide
Aruba Networks ClearPass Policy Manager User Guide

Requirements

  • HTTPS support requires a certificate to be configured on the switch with a usage type of all or captive-portal.

  • If you are running HPE 5400 Series v2 modules, you must turn off the compatibility mode with the following command:

    switch(config)# no allow-v1-modules

    This will ensure that the switch will only power up with the v2 modules.