Captive Portal for ClearPass

The Captive Portal feature adds ClearPass Policy Manager (CPPM) support to the ArubaOS-Switch product line. You can enable or disable the Captive Portal feature in the switch configuration. By default, Captive Portal is disabled to avoid impacting existing installations, because this feature is mutually exclusive with the following web-based authentication mechanisms: Web Authentication, EWA, MAFR, and BYOD Redirect.

Captive Portal is user-based rather than port-based or VLAN-based, so it is configured globally on the switch. ArubaOS-Switch supports the following authentication types on the switch with RADIUS for Captive Portal:

  • Media Access Control (MAC)

  • 802.1X

Once you enable Captive Portal, the redirect functionality is triggered only if a redirect URL attribute is provided in the RADIUS Access-Accept response to an 802.1X or MAC authentication request. The redirect enables the client to self-register or log in directly with valid credentials via the CPPM. Upon subsequent re-authentication, the client is given access to the network according to the policies configured in CPPM, which are communicated via RADIUS attributes.

The redirect feature offers:

  • Client self-registration

  • Client direct login with valid credentials via CPPM Captive Portal

  • On-boarding

  • Ability to quarantine devices to remedy their status

More information
HPE Switch Software Advanced Traffic Management Guide
ArubaOS User Guide
Aruba Networks ClearPass Policy Manager User Guide

Requirements

  • HTTPS support requires a certificate to be configured on the switch with a usage type of all or captive-portal.

  • If you are running HPE 5400 Series v2 modules, you must turn off the compatibility mode with the following command:

    switch(config)# no allow-v1-modules

    This ensures that the switch powers up only with v2 modules.