Captive Portal for ClearPass

The Captive Portal feature allows the support of the ClearPass Policy Manager into the ArubaOS-Switch product line. The switch provides configuration to allow you to enable or disable the Captive Portal feature. By default, Captive Portal is disabled to avoid impacting existing installations as this feature is mutually exclusive with the following web-based authentication mechanisms: Web Authentication, EWA, MAFR, and BYOD Redirect.

Captive Portal is user-based, rather than port or VLAN-based, therefore the configuration is on a switch global basis. ArubaOS-Switch supports the following authentication types on the switch with RADIUS for Captive Portal:
  • Media Access Control (MAC)

  • 802.1X

Once you enable Captive Portal, the redirect functionality is triggered only if a redirect URL attribute is provided as part of the RADIUS Access-Accept response from an authentication request of type 802.1X or MAC. The redirect enables the client to self-register or directly login with valid credentials via the ClearPass. Upon subsequent re-authentication, it provides access to the network per the ClearPass configured policies that are communicated via the RADIUS attributes.

The redirect feature offers:
  • Client self-registration

  • Client direct login with valid credentials via ClearPass Captive Portal

  • On-boarding

  • Ability to quarantine devices to remedy their status