ExtremeControl

 View Only

 Users stuck in captive portal after registration

ahmed sharshar's profile image
ahmed sharshar posted 06-19-2022 04:32

I have a fabric connect with ztp+ for fabric attach and standalone dhcp derver and Ldap server for auth. , switches go through ztp+ smoothly , I have applied dynamic policy with 4 dynamic vlan (staging, 51, 52, 53) applied automatic , user go through registration via captive portal going through staging vlan first and get ip address, after registration the user's vlan gets changed from staging but the ipaddress doesnt change to the new vlan which makes the user stuck in the authentication at the captive portal. when i open cmd on the user's pc and type "ipconfig /release and /renew" the user gets the new ip and gets authenticated successfully
how do i fix this problem?

Ryan Yacobucci's profile image
Ryan Yacobucci

There should be a reauthentication request that occurs on registration to change the role. 

This could be done by RFC 3576/5176 CoA/DM, toggle link, or possibly an SNMP set. It depends on which Control solution is in play and what the switch supports. 

With ZTP+ I'm assuming you have either EXOS/VSP switches that you're working with. It would then depend on if the reauthentication method that is being used is causing a toggle link or link bounce in order to get the DHCP services to initialize on the end system. 

With EXOS I don't believe a link bounce is supported (yet).

What type of switch and which control solution are you working with?

Thanks
-Ryan

ahmed sharshar's profile image
ahmed sharshar
hey ryan,
yes I am using vsp(4450) as backbones and exos switches (x440-g2) as fabric attach and user authenticates via ldap server on active directory , Auth method used is Mac.
I think link bounce not working to get the DHCP services to initialize on the end system.
what should I do to make It faster without change in lease time at active directory ??
thanks in advance
Ryan Yacobucci's profile image
Ryan Yacobucci
Hello,

EXOS does not currently support a link bounce with RFC 3576/5176. 

If you're doing a guest VLAN change you'd have to change the reauthentication method to use toggle link in control. Control can reach out and issue snmp set for ifadmin to disabled/enabled to get new DHCP address. 

Thanks
-Ryan